Yahoo – AFP,
Glenn CHAPMAN, September 8, 2017
San Francisco (AFP) - A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.
 |
| Hackers penetrated the computer network of credit reporting firm Equifax, the latest big company to report a major breach (AFP Photo/GREG BAKER) |
San Francisco (AFP) - A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.
Equifax
said that a hack it learned about on July 29 had the potential to affect 143
million US customers, and involved some data for British and Canadian
residents.
The
Atlanta-based company disclosed the breach in a release that did not explain
why it waited more than a month to warn those affected about a risk of identity
theft.
Filings
with the US Securities and Exchange Commission showed that three high-ranking
Equifax executives sold shares worth almost $1.8 million in the days after the
hack was discovered.
An Equifax
spokesperson told AFP the executives "had no knowledge that an intrusion
had occurred at the time they sold their shares."
Copies of
SEC filings regarding the transactions were on an investor relations page at
the company's website.
Equifax
collects information about people and businesses around the world and provides
credit ratings used for decisions regarding loans and other financial matters.
It also
touts a service protecting against identity theft.
"The
fact that it is a credit company that people pay to be protected from breaches,
and now they have been breached... it feels like a betrayal of trust to a
point," said Aires Security chief executive Brian Markus, whose firm
specializes in computer network defenses.
He
considered the breach "gigantic," made worse by the fact that Equifax
stores extensive personal information about people and keeps it up to date.
Markus
wondered what level of responsibility Equifax is going to take if stolen
information is used for fraud or identity theft, and advised people to enlist
credit monitoring services to alert them to trouble.
'Strikes
at the heart'
Equifax
released a statement saying that it learned of the breach on July 29 and
"acted immediately" with the assistance of an independent
cybersecurity firm to assess the impact.
"Criminals
exploited a US website application vulnerability to gain access to certain
files," the statement said.
An internal
investigation determined the unauthorized access occurred from mid-May through
July 2017, according to the company.
Equifax
said the hackers obtained names, social security numbers, birth dates,
addresses and, in some instances, driver's license numbers from the database,
potentially opening up victims to identity theft.
The company
said credit card numbers were compromised for some 209,000 US consumers, as
were credit dispute documents for 182,000 people.
Equifax
vowed to work with British and Canadian regulators to determine appropriate
next steps for customers affected in those countries, but added in the release
that it "found no evidence that personal information of consumers in any
other country has been impacted."
"This
is clearly a disappointing event for our company, and one that strikes at the
heart of who we are and what we do," said company chairman and chief
executive Richard Smith.
"I
apologize to consumers and our business customers for the concern and
frustration this causes."
He added
that Equifax is reviewing its overall security operations.
Equifax
said it had established a website to enable consumers to determine if they are
affected and would be offering free credit monitoring and identity theft
protection to customers.
The company
is the latest to announce a major breach. Yahoo last year disclosed two
separate cyber attacks which affected as many as one billion accounts.
More than
400 million accounts were affected by a breach disclosed last year at the
hookup site Adult Friend Finder, and other firms affected in recent years
included Heartland Payment Systems and retail giant Target.
"Every
company out there is potentially susceptible in today's cyber landscape,"
Markus said of hacking attacks, some even by nation states.
"These
incidents can put companies out of business."
Equifax shares
were down more than 13 percent to $124 in after-market trades that followed
news of the hack.
Related Article:
No comments:
Post a Comment