Equifax, one of the largest credit reporting agencies in the US, has been the victim of a massive data breach at the hands of hackers. Data was stolen between May and July of this year, and potentially impacts 143 million Equifax customers. The data stolen is thought to include names, Social Security numbers, birthdates, addresses, driver’s license numbers, and in some cases, credit cards.
In a statement, Equifax said that “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” although it stressed “The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” meaning that hackers haven’t tampered with credit files themselves.
Nonetheless, the potential data stolen is a goldmine for hackers. Social security numbers, birthdays, and driver’s license numbers are all used as forms of verification for all kinds of purposes, including bank accounts and tax returns. With that complete set of data, hackers could potentially scam millions of customers, and breach security across all kinds of other services.
In some cases, the data stolen by hackers could be even more damaging. Credit card numbers for 209,000 consumers stolen, as well as “dispute documents with personal identifying information” for 182,000 more people.
The hack could end up causing more than just embarrassment for Equifax. Similar hacks, such as Target in 2013, have seen class-action lawsuits settled for tens of millions of dollars. Exposing the personal information of over 100 million Americans could prove to be catastrophic for the agency.
For now, Equifax is in full damage-control mode. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” CEO Richard F. Smith said in a statement. The company is also offering identity theft protection and credit monitoring to customers through a bespoke website.