Equifax reported a cyber attack yesterday which may impact 143 million U.S. customers. The agency stated that the attackers hacked a U.S. based website application to gain access to files.
The hackers were able to obtain customer information including, social security numbers, birth dates, addresses and driver’s license numbers, Equifax said in a statement.
On the Equifax website they stated,” No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases” and they are said to offer identity theft protection to all U.S. customers,” Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers”.
This cyber attack was one of the most intrusive breaches in history.
Here is their official statement,
September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.