Posted on September 9, 2017 at 1:23 PM

Equifax hit with Data Breach Attack, Personal Data of 143 million Americans Stolen

Atlanta based credit firm Equifax recently reported a data breach attack which saw the personal details like social security numbers of 143 million Americans stolen.

Data breach attacks have become quite common over the past 3-4 years. The most recent company victimized by this attack is Equifax, an Atlanta based credit firm. Personal details of about 143 million Americans were compromised due to this attack. These details include social security numbers, credit card numbers, phone numbers, addresses, and even driving license numbers in many cases.

The credit firm confirmed that the attackers exploited a US application that gave them access to user files between May and July of 2017. A lot of information was stolen, including the driving license numbers of some 209,000 users. Before making the announcement, three senior executives sold shares of around $1.8 million. The stock value of Equifax, quite naturally, plummeted after the announcement.

Richard Smith, chairman and CEO at Equifax, issued a statement in which he expressed his dismay at the turn of events. He said that this attack hurts the company because they pride themselves in the management and protection of data. While an investigation is ongoing, the attack has severely damaged the company’s reputation.

The stolen data is a treasure chest for malicious users all over the world. Personal information from credit firms is used by many people and services to verify the identity of an individual. These include financial institutions and landlords. So, if this information falls into the hands of malicious users, they could easily fake the victim’s identity and carry out fraudulent transactions in their name. In an age where identity theft is a serious problem, such a data breach is appalling, since it gives criminals everything they could wish for.

Avivah Litan, the security analyst at Gartner, rated this breach as a 10 in terms of risk of identity theft. She went on to say that credit firms hold such a large amount of personal information on citizens that any sort of breach proves hazardous.

To check if this breach affects users, they can visit a special website created by Equifax for this very purpose. Users can also call on 866-447-7559 to find out if their personal information is gone and in the hands of cybercriminals. Apart from this, Equifax is offering customers free credit monitoring, which doesn’t come anywhere close to making amends with the user base which was affected.

Security experts are rallying once again about the need for better practices for identification of users. Ryan Kembler from Proofpoint said that it is unbelievable that financial institutions are still using details like social security number and mother’s maiden name to authenticate users. There is also a call for making information collection to such extent less lucrative and incentive providing for credit firms.

There are many cases of data breaches severely affecting customers. Equifax itself was attacked in 2013 as well, where it was confirmed that unauthorized access to the profile of certain high-profile individuals was made. While the company didn’t name these individuals, hackers posted personal information like previous addresses, credit history, and banking information, of celebrities and individuals like Michelle Obama, Paris Hilton, and former US attorney general Eric Holder. This information was posted a day before Equifax confirmed a breach.

There are cases of other breaches where a lot more users were affected. Yahoo faced a calamitous data breach attack in which information of around 1 billion users was stolen. In 2015, health insurer Anthem Inc was attacked, where the social security numbers of 80 million customers were stolen. But this Equifax breach is worse than both these instances. For starters, the Yahoo breach didn’t involve theft of social security numbers or driver’s license numbers. As for the Anthem Inc breach, the number of users affected was much smaller than those affected in the Equifax breach.