143 Million Equifax Customers Become Victims of a Massive Cyber-Attack
Equifax, an Atlanta-based consumer credit reporting agency, has confirmed that a massive cyber attack has led to one of the biggest data breaches in the US history. It is believed that 143 million customers in the United States could be affected by it. It is believed that the UK and Canada-based customers could have been affected too. The company turned to Twitter on September 7th to inform that an attack targeted at consumer information was detected. According to an official statement, the breach happened due to the application vulnerability with Apache Struts, CVE-2017-5638. At this point, all Equifax users are advised to check if their personal data was breached, as well as to freeze their accounts to ensure that cyber attackers cannot exploit the leaked data.
According to Equifax, the information leaked during the data breach includes “names, Social Security numbers, birth dates, addresses and […] driver’s license numbers.” It was also reported that credit card numbers of 209,000 customers had been leaked as well. According to the bbc.com interview with Avivah Litan, this data breach is one of the worst ones to hit the credit reporting system, primarily because every company uses the same kind of information. Unsurprisingly, the extent of this attack has even prompted legislatures to propose new bills that could ensure better protection of customers’ data in the future. Equifax alone has over 800 million customers, but it is not the only company that could be – or could have been – targeted by virtual attackers. The Apache Struts 2 vulnerability linked to the Equifax data breach puts many web applications at risk, and it is possible that we will hear about other attacks in the near future. Without a doubt, if new data breaches occur, we will report them immediately.
The officials of Equifax report that the data breach occurred during the period from May to July, which allowed attackers to record a great deal of information. To inform the millions of customers that were affected by the data breach, the company set up www.equifaxsecurity2017.com. All of the latest updates and information are provided via this website. It also offers to enroll in the so-called “identity theft protection and credit file monitoring services” via equifaxsecurity2017.com/enroll/. Every Equifax customer must go through with this enrollment to check if their data had been breached. If the customer is informed about the leak of their personal information, it is suggested that they place a Security Freeze, which is meant to ensure “protection against improper activity.” The victims of the massive cyber attack can go to http://www.equifax.com/CreditReportAssistance/?/CreditReportAssistance to place a Security Freeze. At this moment, due to the volume of victims, users report being unable to access the site or finalize the freeze. A call line at 866-447-7559 has also been set up to assist victims from 7 am to 1 am ET.
At this time, Equifax reports that the vulnerability has been patched and a cybersecurity firm has been employed to help the company set up better protection in the future. Besides checking if their personal data had been breached and freezing their accounts, customers are also recommended to be extremely vigilant about their account statements and credit reports to ensure that unauthorized activity is not overlooked. The story continues to develop, and we will find out pretty soon whether or not Equifax manages to get back on its feet and offer better protection for its customers. Since the breach occurred, the company’s shares have dropped 23%, which clearly indicates the overall mistrust. Some of it might be linked to the fact that, three senior executives at Equifax sold shares worth nearly $1.8 million. Of course, according to the official statement, these executives were not informed about the breach before the sale.