Estimated 143M Exposed in Equifax Hack
September 08, 2017
Equifax has informed the world of what may be one of the largest U.S. data breaches to date. The hack of the consumer credit score company exposed the personal data of an estimated 143 million people. That’s nearly half of the 326.4 million population; some Canadian and U.K. residents were also impacted.
Unauthorized parties were able to access credit card and driver’s license numbers, names, and Social Security numbers due to what Equifax, last night, described as “a U.S. website application vulnerability,” in a press release.
This occurred between mid May and July; Equifax says it became aware of the problem on July 29 and “acted immediately to stop that intrusion.” Since then, Equifax has been working with law enforcement and the company hired a cyber security firm to investigate the situation. The investigation should be concluded “in the coming weeks,” Equifax says.
The company is sending letters to those whose credit card numbers or dispute documents with personal information were accessed. To answer consumer questions about the breach and figure out whether they personally were affected, Equifax suggests consumers visit its new www.equifaxsecurity2017.com website. Call center agents at 866-447-7559 are also fielding consumer questions about the hack. (An author of a story posted last night on TechCrunch said she called the company three times, and each time was put on hold by the IVR and then disconnected. I called the phone number above this morning and got an automated message saying “if you’re calling about the incident…,” was put on hold for several minutes, and was eventually connected with a human.)
Forrester (News - Alert) Consulting in a February 2017 white paper says two-thirds of organizations have experienced an average of five or more breaches in the past two years. It adds that hackers compromised more than one billion identities last year alone.
The most commonly breached kind of data, according to Forrester, are:
• identities and passwords, at 57 percent;
• customer records, at 49 percent;
• business partner records, at 44 percent;
• employee records, at 41 percent;
• proprietary intellectual property, at 38 percent;
• business partner intellectual property, at 27 percent; and
• non-public financials, at 21 percent.
Meanwhile, Gemalto’s (News - Alert) Breach Level Index indicates:
• There were more than a billion data records (1.37 billion) compromised in 2016.
• That means 3,776,738 records were lost or stolen every day.
• Identity theft was the leading type of data breach in 2016, accounting for 59 percent of all data breaches.
• More than 7 billion data records [not including this latest hack] have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches.
Meanwhile, the Worldwide Semiannual Security Spending Guide from International Data Corp. expects worldwide revenues for security-related hardware, software, and services to reach $81.7 billion this year. That’s an increase of 8.2 percent from last year.
"The rapid growth of digital transformation is putting pressures on companies across all industries to proactively invest in security to protect themselves against known and unknown threats," said Eileen Smith, IDC’s (News - Alert) program director for customer insights and analysis. "On a global basis, the banking, discrete manufacturing, and federal/central government industries will spend the most on security hardware, software, and services throughout the 2015-2020 forecast. Combined, these three industries will deliver more than 30 percent of the worldwide total in 2017."
Here are some quotes from folks who have emailed about the Equifax breach:
Bill Mann, chief product officer at Centrify: “Equifax’s stock declined five percent the day its breach became public. This is directly in line with a recent Ponemon study that found this to be the historic average on Day One. The long-term impact will likely be greater, as this breach impacts millions of consumers who trust Equifax with their most personal information, and trust is at the core of their business. Based on its severity and the sheer numbers involved, a breach like this will displace consumer trust, and potentially wipe out additional value quickly.”
Kenneth Geers, senior research scientist at Comodo: “Even if you are not a customer, Equifax likely has a lot of data about you, and you should take proactive steps in response to this hack.”
Ilia Kolochenko, CEO and founder of High-Tech Bridge: “This is a disastrous data breach, probably one of the most detrimental breaches of this year, capable of undermining trust in an already quite fragile online financial space…. Now cybercriminals have a great wealth of opportunities to conduct spear phishing, fraud, identity theft, impersonation and social engineering attacks against the victims of the breach. We should be prepared for skyrocketing number of attacks targeting not only the victims, but their relatives, employers and partners. The breached database will likely be shared among various cyber gangs, exacerbating the damage. It's a very colorful, albeit very sad, example how a vulnerability in a web application can lead to disastrous consequences for an entire company, its customer base and far beyond.”
Edited by Mandi Nowitz
Article comments powered by