The Equifax Data Breach
Equifax is one of the three major credit reporting agencies (CRAs) in the US. The other two are TransUnion and Experian. These agencies maintain records on all Americans’ credit history by gathering data from firms that issue credit, such as credit card companies, banks, and credit unions.
On Sep 7, 2017, Equifax reported that hackers had exploited a vulnerability in its US website application to gain access to certain files from mid-May through July 2017.
Roughly 145.5M US customers could be affected
The hackers accessed personal data, including Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers. They also stole credit card numbers for approximately 209,000 US consumers, as well as dispute documents—used to dispute errors on credit reports—with personal identifying information for approximately 182,000 US consumers. Some UK and Canadian residents may have also had personal data compromised.
If you are an American citizen or US resident and you have ever applied for credit, you could have been affected by the breach, according to the Identity Theft Resource Center. (After all, 143 million people represents 44% of the US population.) Says ITRC: “The breach may also impact minor children whose parents have submitted documentation to the CRAs for the purposes of checking on or protecting their credit information, even if a credit report or score was never established”.
Equifax knew about the hack more than a month before they reported it
The company discovered the breach on July 29 and chose not to publicly disclose it until September. Adding insult to injury, three Equifax executives sold nearly $2 million in company stock before the announcement. The company maintains that its executives “had no knowledge that an intrusion had occurred at the time they sold their shares”.
After they went under federal investigation, the company established a website to help consumers find out whether their data had been compromised; it also offered them the opportunity to sign up for credit-file monitoring and identity-theft protection (for the low, low price of $16.95/month).
When the Equifax recovery site first launch, it included a clause stating that anyone signing up for protective services waived their rights to participate in any class-action lawsuits against the company. After intense public and media outcry, the company eventually removed the clause.
Article source: Quartz