Equifax Says Breach Affects 143 Million Americans

Equifax, one of the three largest credit agencies in the United States, disclosed Thursday afternoon it’s looking into a data breach that may have affected upwards to 143 million Americans.

Equifax, one of the three largest consumer credit reporting agencies in the United States, disclosed Thursday afternoon it’s looking into a data breach that may have affected upwards to 143 million Americans.

The company said in a statement on its site that cybercriminals managed to exploit an unnamed U.S. website application vulnerability earlier this year, from mid-May through July, to access sensitive data in its systems.

According to the company the attackers managed to access information containing Social Security numbers, birth dates, addresses, and some driver’s license numbers.

Equifax said it discovered the intrusion on July 29, meaning attackers apparently had access to the company’s files for nearly 12 weeks.

The company is warning attackers accessed credit card numbers belonging to 209,000 U.S. customers and additional documents containing personally identifiable information (PII) for 182,000 other Americans.

U.S. customers weren’t alone; the company says limited personal information belonging to UK and Canadian residents was also accessed. The company did not disclose exactly what type of data was accessed but said it was working with UK and Canadian regulators to determine the next steps. The company says outside of the UK, US, and Canada, consumers in other countries are not affected.

The company says it’s investigation is ongoing but that concerned Americans can visit a website, equifaxsecurity2017.com to determine if they’ve been impacted, file for credit monitoring, and keep up to date on news around the breach.

The company handles data on more than 820 million customers and 91 million businesses worldwide.

Suggested articles

Discussion

  • Brian on

    That link is unhelpful. First it tells me to try again on date on it. And out of curiosity I tried again on second time, it said my data is secured. I am more confused and angry.
    • James on

      That Equifax site is indeed a mess. Something fishy here, have a feeling things are going to get a lot worse for this company and their incident response before they get better.
  • M. A. on

    Are people with credit file freezes protected, or were details about those freezes leaked as well?
  • Privacy_Lost on

    Does using the tool at http://www.equifaxsecurity2017.com affect your legal rights? See http://www.equifax.com/terms/ at the bottom of that page AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (
  • joe on

    Be careful, by signing up for their 1 year of free id theft protection, you wavier the rights to sue them for damages caused by the breach.
  • Celyle on

    Equifax is deflecting. Even if Apache Struts had an unknown vulnerability, there is no excuse for millions of PII records to be within reach of servers also accessible from the Internet. Everyone involved with Equifax network architecture should resign in shame.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.