Consumer credit reporting agency, Equifax, reported a massive data breach which is speculated to affect nearly 150 million users in the United States alone.
“Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said. The company discovered the breach nearly two months ago on July 29.
Once the news broke, Equifax’s share prices dropped over 12% in after-hours trading.
The company revealed that the exposed data consists of names, birth dates, Social Security numbers, addresses, and driver’s license numbers, all of which Equifax aims to protect for its customers. The company set up www.equifaxsecurity2017.com for people to check if their personal data was exposed.
Equifax noted that 209,000 U.S. credit card numbers were obtained, in addition to “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
“This is a security risk for any and every website that anyone uses,” Christopher O’Rourke, founder and CEO of cybersecurity firm Soteria, told CNBC.
Equifax Chairman and CEO Richard Smith apologized to consumers. He said, “Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Personnel Management government breach. It’s nasty. If I can get my hands on that information I can call a bank. They’re going to ask me for your social, address, the information that was leaked here, to get access.”
Apart from this, the SEC report shows three of the company’s executives, CFO John Gamble Jr., Workforce Solutions President Rodolfo Ploder, and U.S. Information Solutions President Joseph Loughran sold about $2 million worth of their shares in the company a few days after the attack came to light. The company announced in a statement that this had nothing to do with the breach and that the executives were unaware of such information at the time of the sale.
The company is taking steps to resolve the situation, minimize losses, and restore reputation. It is alerting customers whose information was included in the data breach and is cooperating with state and federal authorities. The company is offering free credit file monitoring and identity theft protection services.