Equifax, which is one of the three big consumer credit reporting agencies, suffered a major cybers intrusion between mid-May through July 2017 that potentially impacts some 143 million U.S. consumers.
The company said the attackers exploited a U.S. website application vulnerability to gain access to certain files, but not its core consumer or commercial credit reporting databases. Equifax said information stolen could include names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, the intruders accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
