US-based credit monitoring service Equifax has reported a data breach of 143 million records.
Including names, social security numbers, dates of birth, addresses accessed by criminals and in some cases, driver license numbers, the breach was discovered on July 29th, but it was around six weeks later before the incident was disclosed to the world.
“Approximately 209,000 US consumers have also had their credit card numbers exposed, and about 182,000 other US consumers have had other personal identifying information accessed,” reported blogger and researcher Graham Cluley.
A number of hours before the story broke, Equifax tweeted about how to “Learn more about advanced protection measures” in a company newsletter. This was later deleted.
The company has set-up a website to allow consumers to see if their data was stolen, but according to Techcrunch, this sets the user up for TrustedID, a credit monitoring service owned by Equifax.
The website claims that the unauthorized access occurred from mid-May through to the discovery in July 2017, when it “acted immediately to stop the intrusion”.
It stated: “The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.”
Chairman and Chief Executive Officer, Richard F. Smith called the incident “a disappointing event for our company, and one that strikes at the heart of who we are and what we do” and apologized to consumers and business customers “for the concern and frustration this causes”.
He said: “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all US consumers, regardless of whether they were impacted by this incident.
“I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
According to Bloomberg, three senior Equifax executives, including the CFO, president of US information solutions and president of workforce solutions, sold shares worth almost $1.8 million in the days after the breach was discovered.