Nearly half of the U.S. population may be affected by a stunning cyberattack on the consumer credit scoring company Equifax, the biggest such breach this year and one of a recent series of massive corporate hacks. This time they got Social Security numbers, and experts say it’s a watershed moment in breaches.
Equifax announced the breach Thursday evening, saying hackers had exploited a vulnerability on an Equifax web application between May and July and accessed the information of 143 million people, including names, Social Security numbers, birth dates, addresses, and some driver’s license numbers. The company has set up a website — www.equifaxsecurity2017.com — to allow consumers to figure out whether their information was compromised, but many users were concerned the process was again putting them at risk. Millions of people use Equifax to get their credit scores to rent properties, buy cars or get student loans.
Equifax learned of the hack at the end of July but waited until Thursday to go public with the news, not uncommon for major corporate hacks. Other recent cyberattacks have affected a bigger number of user accounts, such as the Yahoo breaches announced last year that were thought to be largest of all time.
But the Yahoo hack did not expose identifying information such as Social Security numbers, and a comparable breach at the health insurer Anthem in 2015 affected about 50 million fewer people. Experts are already calling the Equifax hack a watershed event.
“This breach is totally inexcusable. This wasn’t a technical assault – this was a simple access by hackers through a web application that was not properly secured,” said Mike Schultz, CEO of the corporate cybersecurity software firm Cybernance, in a statement. “This critical breakdown of internal defenses is no different than every major breach of significance in the past two years, but the sensitive information accessed points to extreme danger for the personal wealth and financial health of our economy. This is the 9/11 moment that the [National Infrastructure Advisory Council] has been warning about.”
To figure out if your information has been affected by the breach, check this link to see what extra rights you may have from your state government, and then follow these steps:
- Visit www.equifaxsecurity2017.com
- Click on the tab that says, “Potential Impact”
- Then click on the “Check Potential Impact” button, and enter the necessary information
For more details on what consumers should know about preventing identity theft in the wake of a breach, the FTC also has some helpful tools.
Equifax shares were down more than 15 percent as of Friday morning. The Federal Trade Commission — the enforcement agency on matters related to data security — did not immediately respond to a request for comment.
Three senior Equifax executives sold almost $1.8 million in company stock in the days after the hack was discovered, according to multiple reports; Equifax told Bloomberg that the executives were unaware of the hack at the time, and that it was a “small percentage” of the stock they held.