Equifax got hacked - 143 million people affected

Status
Not open for further replies.
Joined
May 4, 2007
Messages
939
Location
IL
Hackers Accessed The Personal Data Of 143 Million People, Equifax Says

Equifax, an international credit reporting agency, has announced that a cybersecurity breach exposed the personal information of 143 million U.S. consumers. In a statement released Thursday, the Atlanta-based agency acknowledged that "criminals exploited a U.S. website application vulnerability to gain access to certain files."

Those files include data such as Social Security numbers, birthdates and addresses — and, Equifax adds, "in some instances, driver's license numbers."

For a span of roughly two months — from mid-May through July 29, when Equifax says it uncovered the breach — hackers had access to this information, as well as the credit card numbers of about 209,000 consumers and "certain dispute documents with personal identifying information" of about 182,000.

All told, the number of American consumers affected constitutes about 44 percent of the U.S. population.

Equifax did not explain why more than two months passed before it discovered the hack, which also affected an unspecified number of consumers from Canada and the U.K.

However, the agency is careful to note, it "has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases."

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and CEO Richard F. Smith said in a statement.

Equifax handles the data of more than 820 million people and more than 91 million businesses worldwide, the agency says on its website, to transform "knowledge into insights that help make more informed business decisions."

As gargantuan as the numbers may be, The New York Times points out this is not the largest data breach in history. That dubious distinction goes to Yahoo, which nearly a year ago announced that the personal information of at least 500 million people had been stolen. Just months later, the company said hackers stole data associated with more than 1 billion user accounts.

Equifax, for its part, says it has been in touch with law enforcement and that it has set up a website for consumers to determine whether they have been affected by the breach announced Thursday. It has also set up a call center at 866-447-7559 for the same purpose.
 
Not too much the thugs can do with my info-- all four of my credit files are locked/frozen and require PIN to unlock before any inquiries can process through for new credit, if someone applies for a loan or card in my name and ssn, etc. It works. I had to unlock my credit file for the bank to approve me for my recent motorcycle loan. Dealership finance mgr called me and was like "hey bank needs you to unlock your TransUnion file so they can do the approval process..." I Logged on, unlocked it, the bank did their thing, 30 minutes later I locked it down again.
 
P.S. to everyone: There's a 4th credit bureau now called Innovis. They're sort of a lite version but still archive consumer credit data and function similar to the big three credit bureaus. Locked my Innovis report down as well... five digit PIN if I remember right.
 
Equifax set up a website where you can "check" to see if your data was compromised. I tried it and it's garbage. Instead of telling me yes or no, it just gives a date to come back and sign up for their complimentary monitoring service. [censored]?

I smell a class action lawsuit.
 
Last edited:
It isn't clear to me if the database that was hacked was:

1. The information that they store on EVERYONE. This would be the information that is referenced when you apply for a new loan.

2. The information that pertains to if you have ever purchased their credit monitoring service.


I am inclined to think it is the 1st one since 143 million people is just shy of half of the entire country's population...

Frankly they deserve to go out of business for this reason. Maybe that new one, Innovis, will do a better job at guarding our info.
 
I think I've had free credit monitoring service for the last 10 years due to someplace with my info getting hacked every couple of years. Pretty ridiculous that these places can't protect sensitive data these days with all the ways to encrypt and protect information.
 
Originally Posted By: Reddy45
Frankly they deserve to go out of business for this reason.

The company execs think so, which is why several of them sold all their shares in the company just after finding out about the breach. Nice, huh?
 
Quote:
Several readers who have taken my advice and placed security freezes (also called a credit freeze) on their file with Equifax have written in asking whether this intrusion means cybercriminals could also be in possession of the unique PIN code needed to lift the freeze.

So far, the answer seems to be “no.” Equifax was clear that its investigation is ongoing. However, in a FAQ about the breach, Equifax said it has found no evidence to date of any unauthorized activity on the company’s core consumer or commercial credit reporting databases.


https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments
 
Quote:
In a statement released this evening, Sen. Mark Warner (D-Va.) called the Equifax breach “profoundly troubling.”

“While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security Numbers, birth dates, addresses, and credit card numbers of nearly half the U.S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans,” said Warner, who heads the bipartisan Senate Cybersecurity Caucus. “It is no exaggeration to suggest that a breach such as this – exposing highly sensitive personal and financial information central for identity management and access to credit– represents a real threat to the economic security of Americans.”


https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments

Probably a lot of members of congress will be personally effected by this breach. Hopefully this will motivate them to finally get serious about preventing identity theft in this country.
 
Originally Posted By: OneEyeJack
If you think that a pin number is a bullet proof lock you might be in for a surprise, some day.

Big bad wolfs guarding the fence, and they just get in trough the shiny front door...
 
Originally Posted By: SubLGT
Quote:
Several readers who have taken my advice and placed security freezes (also called a credit freeze) on their file with Equifax have written in asking whether this intrusion means cybercriminals could also be in possession of the unique PIN code needed to lift the freeze.

So far, the answer seems to be “no.” Equifax was clear that its investigation is ongoing. However, in a FAQ about the breach, Equifax said it has found no evidence to date of any unauthorized activity on the company’s core consumer or commercial credit reporting databases.


https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments


Hummm..... Time to change my PIN !!
 
Funny thing, I had two cards hacked in July and I thought it was due to online purchases I made at the same web site. Started the whole identity theft thing and my info is frozen/locked on all three reporting agencies. Yet, I recently received a letter from a credit card issuer asking me to call to verify info on an account I recently tried to open -- which I didn't open. So much for locking one's info at the agencies...
mad.gif
 
Originally Posted By: opus1
Funny thing, I had two cards hacked in July and I thought it was due to online purchases I made at the same web site. Started the whole identity theft thing and my info is frozen/locked on all three reporting agencies. Yet, I recently received a letter from a credit card issuer asking me to call to verify info on an account I recently tried to open -- which I didn't open. So much for locking one's info at the agencies...
mad.gif



Lock down your Innovis report too. 4th agency.
 
Originally Posted By: LoneRanger
Not too much the thugs can do with my info-- all four of my credit files are locked/frozen and require PIN to unlock before any inquiries can process through for new credit, if someone applies for a loan or card in my name and ssn, etc. It works. I had to unlock my credit file for the bank to approve me for my recent motorcycle loan. Dealership finance mgr called me and was like "hey bank needs you to unlock your TransUnion file so they can do the approval process..." I Logged on, unlocked it, the bank did their thing, 30 minutes later I locked it down again.



I've been doing exactly that for about 10 years now and it works. I wonder if they somehow got the pin too. This is exactly what Lifelock does for you, but they hold the pin and charge you X dollars per month.
 
Nothing is impenetrable ... sadly ...

I've had my credit locked at all four agencies for some time now.

I can only assume if the bulk of the personal data was grabbed from Equifax, then the PINs were also grabbed, which makes the "lock" worthless when someone else has the "key".
 
Update from Brian Krebs:

Quote:
...As many readers here have shared in the comments already, the site Equifax has available for people to see whether they were impacted by the breach may not actually tell you whether you were affected…

...Update, 11:40 p.m. ET: At a reader’s suggestion, I used a made-up last name and the last six digits of my Social Security number: The system returned the same response: Come back on Sept. 13. It’s difficult to tell if the site is just broken or if there is something more sinister going on here.

Also, perhaps because the site is so new and/or because there was a problem with one of the site’s SSL certificates, some browsers may be throwing a cert error when the site tries to load. ..
 
Status
Not open for further replies.
Back
Top