Equifax got hacked - 143 million people affected

Status
Not open for further replies.
Joined
May 4, 2007
Messages
939
Location
IL
Hackers Accessed The Personal Data Of 143 Million People, Equifax Says Equifax, an international credit reporting agency, has announced that a cybersecurity breach exposed the personal information of 143 million U.S. consumers. In a statement released Thursday, the Atlanta-based agency acknowledged that "criminals exploited a U.S. website application vulnerability to gain access to certain files." Those files include data such as Social Security numbers, birthdates and addresses — and, Equifax adds, "in some instances, driver's license numbers." For a span of roughly two months — from mid-May through July 29, when Equifax says it uncovered the breach — hackers had access to this information, as well as the credit card numbers of about 209,000 consumers and "certain dispute documents with personal identifying information" of about 182,000. All told, the number of American consumers affected constitutes about 44 percent of the U.S. population. Equifax did not explain why more than two months passed before it discovered the hack, which also affected an unspecified number of consumers from Canada and the U.K. However, the agency is careful to note, it "has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases." "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and CEO Richard F. Smith said in a statement. Equifax handles the data of more than 820 million people and more than 91 million businesses worldwide, the agency says on its website, to transform "knowledge into insights that help make more informed business decisions." As gargantuan as the numbers may be, The New York Times points out this is not the largest data breach in history. That dubious distinction goes to Yahoo, which nearly a year ago announced that the personal information of at least 500 million people had been stolen. Just months later, the company said hackers stole data associated with more than 1 billion user accounts. Equifax, for its part, says it has been in touch with law enforcement and that it has set up a website for consumers to determine whether they have been affected by the breach announced Thursday. It has also set up a call center at 866-447-7559 for the same purpose.
 
Joined
Jul 2, 2007
Messages
5,294
Not too much the thugs can do with my info-- all four of my credit files are locked/frozen and require PIN to unlock before any inquiries can process through for new credit, if someone applies for a loan or card in my name and ssn, etc. It works. I had to unlock my credit file for the bank to approve me for my recent motorcycle loan. Dealership finance mgr called me and was like "hey bank needs you to unlock your TransUnion file so they can do the approval process..." I Logged on, unlocked it, the bank did their thing, 30 minutes later I locked it down again.
 
Joined
Jul 2, 2007
Messages
5,294
P.S. to everyone: There's a 4th credit bureau now called Innovis. They're sort of a lite version but still archive consumer credit data and function similar to the big three credit bureaus. Locked my Innovis report down as well... five digit PIN if I remember right.
 
Joined
Apr 13, 2013
Messages
3,112
Equifax set up a website where you can "check" to see if your data was compromised. I tried it and it's garbage. Instead of telling me yes or no, it just gives a date to come back and sign up for their complimentary monitoring service. [censored]? I smell a class action lawsuit.
 
Last edited:
Joined
Aug 15, 2008
Messages
4,963
It isn't clear to me if the database that was hacked was: 1. The information that they store on EVERYONE. This would be the information that is referenced when you apply for a new loan. 2. The information that pertains to if you have ever purchased their credit monitoring service. I am inclined to think it is the 1st one since 143 million people is just shy of half of the entire country's population... Frankly they deserve to go out of business for this reason. Maybe that new one, Innovis, will do a better job at guarding our info.
 

ZeeOSix

$100 site donor 2022
Joined
Jul 22, 2010
Messages
35,744
Location
PNW
I think I've had free credit monitoring service for the last 10 years due to someplace with my info getting hacked every couple of years. Pretty ridiculous that these places can't protect sensitive data these days with all the ways to encrypt and protect information.
 
Joined
Mar 26, 2016
Messages
100
Location
USA
Originally Posted By: Reddy45
Frankly they deserve to go out of business for this reason.
The company execs think so, which is why several of them sold all their shares in the company just after finding out about the breach. Nice, huh?
 
Joined
Jan 31, 2006
Messages
4,109
Location
Idaho
Quote:
Several readers who have taken my advice and placed security freezes (also called a credit freeze) on their file with Equifax have written in asking whether this intrusion means cybercriminals could also be in possession of the unique PIN code needed to lift the freeze. So far, the answer seems to be “no.” Equifax was clear that its investigation is ongoing. However, in a FAQ about the breach, Equifax said it has found no evidence to date of any unauthorized activity on the company’s core consumer or commercial credit reporting databases.
https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments
 
Joined
Jan 31, 2006
Messages
4,109
Location
Idaho
Quote:
In a statement released this evening, Sen. Mark Warner (D-Va.) called the Equifax breach “profoundly troubling.” “While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security Numbers, birth dates, addresses, and credit card numbers of nearly half the U.S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans,” said Warner, who heads the bipartisan Senate Cybersecurity Caucus. “It is no exaggeration to suggest that a breach such as this – exposing highly sensitive personal and financial information central for identity management and access to credit– represents a real threat to the economic security of Americans.”
https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments Probably a lot of members of congress will be personally effected by this breach. Hopefully this will motivate them to finally get serious about preventing identity theft in this country.
 
Joined
Aug 12, 2011
Messages
4,111
Location
IL/GA ,USA
Originally Posted By: OneEyeJack
If you think that a pin number is a bullet proof lock you might be in for a surprise, some day.
Big bad wolfs guarding the fence, and they just get in trough the shiny front door...
 
Joined
Jul 2, 2007
Messages
5,294
Originally Posted By: SubLGT
Quote:
Several readers who have taken my advice and placed security freezes (also called a credit freeze) on their file with Equifax have written in asking whether this intrusion means cybercriminals could also be in possession of the unique PIN code needed to lift the freeze. So far, the answer seems to be “no.” Equifax was clear that its investigation is ongoing. However, in a FAQ about the breach, Equifax said it has found no evidence to date of any unauthorized activity on the company’s core consumer or commercial credit reporting databases.
https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/#comments
Hummm..... Time to change my PIN !!
 
Joined
Dec 13, 2004
Messages
3,320
Location
Chicago Area
Funny thing, I had two cards hacked in July and I thought it was due to online purchases I made at the same web site. Started the whole identity theft thing and my info is frozen/locked on all three reporting agencies. Yet, I recently received a letter from a credit card issuer asking me to call to verify info on an account I recently tried to open -- which I didn't open. So much for locking one's info at the agencies... mad
 
Joined
Jul 2, 2007
Messages
5,294
Originally Posted By: opus1
Funny thing, I had two cards hacked in July and I thought it was due to online purchases I made at the same web site. Started the whole identity theft thing and my info is frozen/locked on all three reporting agencies. Yet, I recently received a letter from a credit card issuer asking me to call to verify info on an account I recently tried to open -- which I didn't open. So much for locking one's info at the agencies... mad
Lock down your Innovis report too. 4th agency.
 
Joined
May 12, 2003
Messages
7,829
Location
Oklahoma
Originally Posted By: LoneRanger
Not too much the thugs can do with my info-- all four of my credit files are locked/frozen and require PIN to unlock before any inquiries can process through for new credit, if someone applies for a loan or card in my name and ssn, etc. It works. I had to unlock my credit file for the bank to approve me for my recent motorcycle loan. Dealership finance mgr called me and was like "hey bank needs you to unlock your TransUnion file so they can do the approval process..." I Logged on, unlocked it, the bank did their thing, 30 minutes later I locked it down again.
I've been doing exactly that for about 10 years now and it works. I wonder if they somehow got the pin too. This is exactly what Lifelock does for you, but they hold the pin and charge you X dollars per month.
 

dnewton3

Staff member
Joined
May 14, 2007
Messages
9,881
Location
Indianapolis, IN
Nothing is impenetrable ... sadly ... I've had my credit locked at all four agencies for some time now. I can only assume if the bulk of the personal data was grabbed from Equifax, then the PINs were also grabbed, which makes the "lock" worthless when someone else has the "key".
 
Joined
Jan 31, 2006
Messages
4,109
Location
Idaho
Update from Brian Krebs:
Quote:
...As many readers here have shared in the comments already, the site Equifax has available for people to see whether they were impacted by the breach may not actually tell you whether you were affected… ...Update, 11:40 p.m. ET: At a reader’s suggestion, I used a made-up last name and the last six digits of my Social Security number: The system returned the same response: Come back on Sept. 13. It’s difficult to tell if the site is just broken or if there is something more sinister going on here. Also, perhaps because the site is so new and/or because there was a problem with one of the site’s SSL certificates, some browsers may be throwing a cert error when the site tries to load. ..
 
Status
Not open for further replies.
Top