More than 143 million Americans may have had their personal information compromised in a massive cybersecurity incident, announced Equifax Inc. According to the global information solutions company, criminals exploited a website application vulnerability to gain access to certain files from mid-May through July 2017, although the company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and Chief Executive Officer, Richard F. Smith. He continued saying, "I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will."
The information accessed primarily includes names, Social Security numbers, birth dates, addresses, and driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. Equifax discovered the unauthorized access on July 29, 2017, and promptly engaged an independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.
To help consumers determine if their information was potentially impacted and to sign up for credit file monitoring and identity theft protection, Equifax has established a dedicated website, www.equifaxsecurity2017.com.
Sale of shares. The Securities and Exchange Commission has released information that three executive officers sold shares totaling $1.8 million on August 1 and 2, before the company publically reported the breach. Chief Financial Officer John Gamble sold shares worth $946,374; Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099; and Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock.
Congressional response. Responding to the security breach, House Majority Leader Kevin McCarthy (R-Calif) released a statementsaying, "Our public and private institutions continue to face onslaughts that threaten our national security, economy, and privacy. Had any of these attacks taken place in the physical world there would be a national call to action. We can no longer afford to ignore these threats simply because we cannot see them. Over the years, Congress has acted to establish better communication and coordination between the government and private companies to thwart attacks. We must build on these actions and recommit to a comprehensive approach to defend against and defeat cybercriminals and terrorists."
Ranking Member of the House Financial Services Committee Maxine Waters (D-Calif) emphasized that someone has to be punished for of one of the largest data breaches in the nation’s history. "Given the important role credit scores play in the lives and financial futures of hardworking Americans, Congress must diligently examine the way our credit reporting agencies are operating and impose additional statutory and regulatory reforms to protect the integrity of the country’s credit reporting system." Waters has previously sought reform of the credit report system (see Banking and Finance Law Daily, May 20, 2016).
Financial Services Committee Chair Jeb Hensarling (R-Texas) announced that the committee will hold a hearing on this "troubling" data breach. "Large-scale security breaches are becoming all too common. Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers," said Hensarling.
Preventing identity theft. In the wake of such a troubling event, U.S. PIRG is seeking to inform U.S. consumers about how they can prevent identity thieves from opening new credit accounts in the first place. By placing a credit freeze on their account at all three national credit bureaus, potential creditors are prevented from seeing consumer credit history, without which new accounts are typically not opened.
Companies: Equifax Inc.; U.S. PIRG
MainStory: TopStory ConsumerCredit CyberPrivacyFeed IdentityTheft Privacy
Interested in submitting an article?
Submit your information to us today!Learn More