Equifax massive data breach: 143Mil people's SS#, driver's licenses stolen

143 MILLION people's Social Security numbers, driver's licenses and other personal details may have been stolen in massive cybersecurity hack of credit agency Equifax
By Afp and Daniel Roth

Credit agency giant Equifax said on Thursday that a breach of its cybersecurity system may have affected 143 million consumers in the United States as well as some data for British and Canadian residents.

The company, which safeguards financial data for consumers applying for credit, said in a statement it learned of the breach on July 29 and 'acted immediately' with the assistance of an independent cybersecurity firm to assess the impact.

'Criminals exploited a US website application vulnerability to gain access to certain files,'

To put that in perspective, the breach affected well over a third of the population in America, which stood at 324 million as of January 1, 2017, according to the US Census Bureau.

Shares of the company's stock dropped more than five per cent during after-hours trading, CNBC noted.

The data collected by the cyber-thieves contained a trove private information including names, birth dates, Social Security numbers, addresses and driver's licenses of consumers.

The company said that more than 200,000 credit card numbers were illegally obtained, in addition to 'certain dispute documents with personal identifying information for approximately 182,000 US consumers.'

'This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,' said company chairman and chief executive Richard Smith.

'I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.'

Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and identity theft protection to customers.

************
ASSHOLES were probably too cheap to encrypt. Plus they waited for over a month to announce this breach.
Sign up before end of Nov to check if your info was stolen.

Here's the link to check...
https://www.equifaxsecurity2017.com/potential-impact/

 

More on this from WP..

Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a "website application vulnerability" and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data, giving those who possess them the ingredients for identity fraud and other crimes.

Equifax also lost control of an unspecified number of driver's licenses, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its "core consumer or commercial credit reporting databases."

Equifax is one of the largest U.S.-based credit reporting agencies that collect and analyze detailed records of financial data for a wide range of consumers worldwide. The judgments of these companies about the creditworthiness of individuals can affect their ability to gain loans, housing and jobs, while also determining the interest rates on consumer products.

"It is no exaggeration to suggest that a breach such as this — exposing highly sensitive personal and financial information central for identity management and access to credit — represents a real threat to the economic security of Americans," Senator Mark Warner said in a statement...


More notable info in link
https://www.washingtonpost.com/busi...ae6f82-941a-11e7-b9bc-b2f7903bab0d_story.html

 

Hmmmm...they sound like extra special a-holes..


Although Equifax is widely known as a credit reporting agency, the company is also involved in the collection and sale of consumer data — a lucrative and loosely regulated industry that in 2013 attracted the scrutiny of Senate investigators.

In one report, the Senate Commerce Committee found that such data brokers were responsible for slicing up consumer data and categorizing Americans according to their financial characteristics, using labels such as "X-tra Needy," "Fragile Families" and "Ethnic Second-City Strugglers" to describe the financially vulnerable.

Critics say the practice allows for the targeting and marketing of predatory financial instruments, and that the labels reflect a fundamental callousness about the industry.

 

Just checked mine...

Thank You
Based on the information provided, we believe that your personal information was not impacted by this incident.

Click the button below to continue your enrollment in TrustedID Premier


For more information visit the FAQ page.

 

This is a colossal fuck up. It's criminally negligent. People should be prosecuted but I'm sure they won't be.

 

Yeah....and now there is a massive class action lawsuit.

EQUIFAX CLASS ACTION FILED AFTER DATA BREACH OF 143M CONSUMERS
By Christina Davis

The credit reporting company, Equifax, has been hit with a class action lawsuit over a recently announced massive data breach affecting 143 million consumers.
Lead plaintiffs, James McGonnigal and Brian Spector, allege in their class action lawsuit that Equifax failed to adequately protect the consumer data it collects, including millions of Social Security numbers, names, email addresses, birthdates, and other personal information lost to cyber thieves.

Further, allege the plaintiffs, Equifax unreasonably delayed announcing the cyber breach, costing consumers precious time to protect their identity from hackers, so Equifax execs could sell off their stock in the company before the announcement.

According to the class action lawsuit, Equifax discovered the breach on July 29, 2017; however, the public was not informed until Sept. 7.

“Instead [of announcing], Equifax executives sold at least $1.8 million worth of shares before the public disclosure of the breach. It has been reported that its Chief Financial Officer John Gamble sold shares worth $946,374, its president of U.S. information solutions, Joseph Loughran, exercised options to dispose of stock worth $584,099, and its president of workforce solutions, Rodolfo Ploder, sold $250,458 of stock on August 2, 2017,” the Equifax class action lawsuit states.

CNN reports that the massive data breach affecting an estimated 143 million occurred between mid-May and July of this year. The breach included a huge breadth of information, including names, Social Security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers, reports CNN. This breach is different from others, says the news agency, because individuals may not even know they are customers of Equifax.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said CEO Richard Smith said in a statement reported by USA Today. “I apologize to consumers and our business customers for the concern and frustration this causes.”

According to the class action lawsuit, Equifax could have avoided the breach, but failed to take adequate measures to ensure its data systems were protected. Further, say the plaintiffs, the credit reporting company failed to monitor and detect the breach in a timely manner.

“Equifax’s negligent failure to maintain reasonable procedures is supported by, among other things, former employees’ admissions that Equifax’s data security practices have deteriorated in recent years, and Equifax’s numerous other data breaches in the past,” alleges the complaint. “Further, as an enterprise claiming to be an industry leader in data breach prevention, Equifax was well aware of the importance of the measures organizations should take to prevent data breaches, yet failed to take them.”

Equifax has set up a website to help consumers figure out if their information was affected by the data breach. The company says it will provide credit monitoring and identity theft protection for those affected. However, some of the language in the initial agreement fell under scrutiny as it appeared to force consumers to waive their rights to pursue litigation if they accepted the free credit monitoring.

New York Attorney General Eric Schneiderman announced on Twitter Friday that Equifax’s arbitration clause was “unacceptable and unenforceable.” Schneiderman’s office ended up contacting Equifax to demand its removal.

Since then, Equifax appears to have clarified its position on forced arbitration regarding the massive security breach by releasing the following statement on its website: “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”

The plaintiffs seek to represent a nationwide Class of consumers whose personal information was accessed during the Equifax data breach. The plaintiffs are seeking damages and reimbursement as well as a court order requiring Equifax to implement systems to protect peoples’ personal information in the future.

McGonnigal and Spector are represented by Roy E. Barnes, John R. Bevis, and Cameron Tribble of Barnes Law Group LLC, and John Yanchunis and Marisa Glassman of Morgan & Morgan Complex Litigation Group.

The Equifax Massive Data Breach Class Action Lawsuit is James McGonnigal, et al. v. Equifax Inc., Case No. 1:17-cv-03422-WSD, in the U.S. District Court for the Northern District of Georgia, Atlanta Division.

UPDATE: On Sept. 12, 2017, Equifax announced onTwitter that it will be waiving security freeze fees for the next 30 days. To initiate a credit freeze visit freeze.equifax.com. If you get an error message, you can also request a security freeze by calling Equifax directly at 1-800-685-1111 or by providing the information in writing. More information on how to place a credit freeze can be found here.
https://www.equifaxsecurity2017.com

 

Heard on Clark Howard who said to get a Credit Freeze.