In case you haven’t already heard about it, there was a massive security breach at Equifax, a credit reporting company, that leaked sensitive information affecting around 150 million people. The sensitive data included Social Security Numbers, Addresses or Phone numbers. And the fact that makes this data leak even more impressive compared with others is that most of the affected people might not even be aware. Here’s the complete coverage of the data breach:
The size of the breach
According to the company official statement, around 143 million people were affected in the United States alone and there were victims from UK and Canada as well but no estimation has been given for that. What’s even worse is that, besides of the SSN and personal info like phone numbers and physical addresses, more than 20000 US citizens got their card numbers compromised, making this breach one of the most severe in history.
When and how did it happen?
Equifax were unable to pinpoint the exact date of the hack, especially considering that it seems to have happened over several days. However, officials stated that, according to investigations, the hack happened between May and July and it was discovered on the 29th of July by security experts inside the company. The public was not informed until the 7th of September though and that is another point of criticism for Equifax.
Asked about the circumstances that lead to this breach, the Equifax officials said that the hackers managed to exploit website application vulnerability and gained access to several files that contained the sensitive info they stole. Even with the size of the breach, company officials are still quite quiet about the whole thing.
Who was behind the attack?
Once again, Equifax did not manage to give a clear answer in this regard. They decided to hide behind the fact that an investigation is taking place since they found out about the breach and that they will come back with clarifications once the investigation is over. Of course, according to this event, rumors already started pointing towards several Russian or North Korean hacker groups as possible authors.
How can you check if you are at risk?
The odd thing about this hack is that most of the data stolen from Equifax belong to persons that were not even aware that they exist in such a database. How was this possible, you may ask? Well, because they gather data from credit card companies, retailers, banks and lenders and some of them are not obliged to notify the customers about giving that data to such a third party as Equifax.
They advise customers to go for credit file monitoring and identity theft protection through their TrustedID Premier service regardless of the fact that you have been a victim of the hack or not. In order to find out if you were among the victims of the attack, you should check on their website by providing your last name and last six digits of your social security number. This checks their database and notifies you almost instantly if you were among the victims of the data leak or not.
Who is investigating this breach?
The first independent investigation was launched by the New York Attorney General, followed by a Congressman that sent a letter to House Judiciary Committee Chairman regarding the initiation of an official investigation on the same subject. Besides this, the Consumer Financial Protection Bureau is also looking into the attack as well. They issued a press release saying that their institution is authorized to take action against other institutions that might be engaged in unfair or abusive acts of practices or that violate federal consumer financial laws. In the ending of the press release, their spokesman also mentioned that they are looking into the data breach and collaborating with Equifax but cannot further comment on the topic.
Is Equifax the biggest data breach recorded?
While the hack attaches that affected Equifax is, indeed, very large in terms of affected individuals and the severity of data that was made accessible to people with not-so-good intentions, this is not the biggest data leak in history. Just recently, the online giant Yahoo was attacked and almost 1 billion accounts were breached then. Fortunately, the data was not as sensitive as being able to steal Social Security Numbers or Credit Card numbers but the violation of privacy is sometimes worse.
As a bottom line, as long as big companies that handle sensitive data won’t dedicate a lot of attention safeguarding themselves and the info they possess from this kind of attacks and hackers, no info is safe. This doesn’t necessarily mean that you can’t trust giving your personal info online, however, make sure to double check IF they have a security system and how effective is it. That may seem like an odd question for their support operators, however, we’re living in the modern era. So, stay safe and only work with a trusted system that shows clear signs of anti-theft protection.