This could be the mother of all cyberattacks; Equifax just announced that it experienced a "cybersecurity incident" that occurred between mid-May of this year through late July. During that time, malicious parties were able to gain access to some of its online databases courtesy of a website vulnerability. As a result, over 143 million -- yes, MILLION -- U.S. consumers are affected by the data breach.
We're not just talking about names and birth dates (yes, those were included), but also Social Security numbers. In some cases, even driver license numbers were obtained by the hackers. And that's not all; dispute documents with "personal identifying information" of 182,000 customers was accessed along with the credit card numbers from 209,000 U.S. consumers.
In other words, this breach was wide-ranging and affects nearly half of the U.S. population. But it wasn't just Americans that were affected; citizens of two of our closest allies were also caught up in this travesty -- although to a much smaller degree.
"As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents," Equifax explains. "Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted."
Even though the initial breach occurred all the way back in May, Equifax says that it wasn't until July 29th that it realized that someone had entered through its backdoor. Once discovered, the company enlisted the help of a "leading, independent cybersecurity firm" to perform forensic analysis of the cyber intrusion.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Equifax CEO Richard F. Smith. “We [are] focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
To see if your personal information was among the millions of others that were stolen, you can visit equifaxsecurity2017.com. If you are among the many victims (and there’s a good chance that you are), Equifax is offering a year of credit monitoring for free; although that seems like a small token gesture for this epic cybersecurity fail.