SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
8 Sep 2017

Equifax data breach impacts 143 million Americans

Equifax is one of the largest credit reporting agencies in America, which makes an announcement the company just issued particularly disconcerting. An authorized third party gained access to Equifax data on as many as 143 million Americans.

That's nearly half the population of the United States as of the last census. Equifax announced the incident this afternoon. According to the report, the breach was discovered on July 29th. Included among files accessed by hackers was a treasure trove of personal data: names, dates of birth, Social Security numbers, addresses.

In some cases -- Equifax states around 209,000 -- the records also included actual credit card numbers. Documentation about disputed charges was also leaked. Those documents contained additional personal information on around 182,000 Americans. So how did hackers gain access to the Equifax data? By exploiting a vulnerability on one of the company's U.S.-based web servers. On the surface, at least, that seems to indicate that one of the three major U.S. credit bureaus was victimized by a relatively unsophisticated attack.

Alex Heid, chief security researcher at SecurityScorecard has seen this before. "As surprising as it seems, the same web application vulnerabilities from decades ago are still some of primary vectors that are leveraged by hackers in modern attack scenarios," he said in a comment to Forbes. Heid added that "it seems that the underlying legacy codebase that handled the [Equifax] web application was vulnerable enough for an attacker to exploit."

Personal data like this is a major score for cybercriminals who will likely look to capitalize on it any way they can. One of those ways is by selling off bits like SSNs and drivers' licenses -- which can fetch as much as $20 a piece, according to Patrick Tiquet, Director of Security & Architecture at Keeper Security. And even though Social Security numbers sell for just 1/20th that price, multiply that by 143 million and the attackers could be looking at a major payday.

Another way they may try to profit is by launching targeted phishing campaigns. Noted security researcher Kenneth White believes that "Based on the disclosure, the impact of this could be as far-reaching as the OPM breach." The OPM -- Office of Personnel Management -- fell victim to a hack in June of 2015. Months later, ransomware criminals used the 22 million stolen email addresses to launch a large-scale attack.

The July breach is not the first the company has had to deal with. Earlier this year its TALX payroll group was victimized by hackers. Equifax also isn't the only U.S. credit bureau to be successfully attacked. Experian, the second of the three major bureaus, saw hackers gain unauthorized access to data on 15 million Americans in 2015.

It all paints a pretty grim picture of security at the credit bureaus. Noted researcher Brian Krebs feels that the bureaus "have for the most part shown themselves to be terrible stewards of very sensitive data, and are long overdue for more oversight from regulators and lawmakers."

That oversight could well be coming. Senator Mark Warner, who leads the Senate Cybersecurity Caucus, is extremely concerned about the Equifax breach. It is no exaggeration to suggest that a breach such as this," he said in a statement, "exposing highly sensitive personal and financial information central for identity management and access to credit– represents a real threat to the economic security of Americans.”

Warner also mentioned the need to "create a uniform data breach notification standard" and "rethink data protection policies." For its part, Equifax disclosed the breach quickly and was quick to point out that its "core consumer and commercial credit reporting databases" were not accessed. The roughly 400,000 individuals whose credit card numbers or dispute data were accessed will be notified directly by mail.

The company has created a dedicated website to educate those impacted about the risks, and a call center is open from 7am to 1am Eastern to answer questions. Equifax will also be providing free credit monitoring services for all those affected -- you may need to try a few times to complete the registration process as servers have been overwhelmed with requests thus far.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
information leaks USA Equifax
Source:
Forbes
1718
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015