Advisory from the ECPI Center of Innovation

Equifax, one of the three major consumer credit reporting agencies in the United States, has released details of the company’s investigation of a breach affecting up to 143 million Americans, which is nearly half of the current population (326 million)[i].

Details

From a statement released by Equifax[ii], this breach occurred when hackers “exploited a U.S. website application vulnerability” to obtain specific files. The unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The compromised data includes:

• Social Security numbers
• Birth dates
• Addresses
• Driver’s license numbers
• Credit card numbers for approximately 209,000 U.S. consumers
• Certain dispute documents with PII (personal identifying information) for approximately 182,000 U.S. consumers

Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax stated that they will work with UK and Canadian regulators to determine appropriate next steps.

Recommendations

It is important to be mindful that during these types of events, nefarious actors may try to take advantage of the situation by emailing or calling you. It is recommended that you do not open any links or attachments in suspicious emails or provide sensitive information that is unexpectedly requested.

 Equifax is providing a link on its website where you can check to see if you are potentially impacted: https://www.equifaxsecurity2017.com/potential-impact/

[i] https://www.census.gov/popclock/

[ii] https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628