On July 29, 2017, Equifax discovered that attackers had gained unauthorized access to private data belonging to an estimated 143 million Americans by exploiting a vulnerability in a website application. It is unknown at this point whether said vulnerability was a zero-day or had already been patched. The former would indicate that other companies could have also been attacked, while the latter would reflect on Equifax’s overall security posture.
According to Equifax, online criminals maintained their presence from mid-May through July 2017 and had access to:
- Social Security numbers
- Birth dates
- Driver’s license numbers (in some cases)
- Credit card numbers (for approx. 209,000 U.S. consumers)
It also said that some personal information for certain UK and Canadian residents was part of this breach.
This is obviously bad news for consumers and it will only increase the lack of trust they have towards corporations that collect and store their data. It also serves as a reminder that there are ways to be proactive and exercise your right to have access to your information and put certain restrictions in place to make identity theft harder.
Equifax is offering a free identity theft protection and credit file monitoring to all of its U.S. customers while still investigating the intrusion, working along with a private firm and law enforcement. More information about this breach and how to apply for ID theft protection can be found by going to equifaxsecurity2017.com, a website Equifax has just set up.