Previous Story
Equifax Breach Actually Affected 145.5 Million People
Posted On Oct 03 2017
Comment: Off
On March 9, the company’s IT team was informed of a vulnerability affecting the Apache Struts software it used on its dispute resolution portal, with instructions to patch it in 48 hours.
Hackers seem to have made their entry between mid-May and end of July.
Equifax identified an intrusion on July 29. The company’s security team blocks the identified suspicious traffic.
The company notified the Federal Bureau of Investigation and hired outside council and security experts on August 2.
Equifax released the new estimate on Monday, a day after Mandiant, the computer forensics division of the cybersecurity firm FireEye (feye) that Equifax hired, completed its full review of the damage. The company adds an unspecified number of U.K and Canadian consumers also may have been impacted.
In the USA and the Canada, the company will mail written notices to all of the potentially impacted consumers, including the 2.5 million additional U.S. accounts.
He convened a September 1 board meeting to discuss the size of the breach, the ongoing investigation, and the company’s public disclosure and response.
Equifax is facing investigations in Canada and the USA, as well as at least two proposed class actions filed in Canada.
On Tuesday, Equifax’s CEO at the time of the breach, Richard Smith (who has since stepped down), formally testified before the US House Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection. Unfortunately, it’s not clear when those findings will be shared, because the company is “continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications”.
Smith noted that in addition to his departure, the company’s chief information officer and chief security officer also left the company following the breach. Both are replaced with internal employees on an interim basis effective immediately. So the number of additional people affected by the Equifax breach sits between the U.S.’ third and fourth largest cities.
Earlier this month, the credit reporting company announced that crucial, identifying information belonging to almost half the country may have been compromised, including birth dates, home addresses and Social Security numbers. Equifax has said the executives were not aware of the breach when they sold stock.
The breach involved TALX, which is Equifax’s human resources and payroll service.
While Barros is getting a hefty raise, he will be making far less than the roughly $15 million in total compensation that Smith received previous year.
Equifax said on Monday that 8,000 Canadians were impacted, having initially said that as many as 100,000 Canadian citizens may have been affected by the breach.
House Republicans and Democrats on Tuesday grilled Equifax’s former chief executive over the massive data hack of the personal information of 145 million Americans, calling the company’s response inadequate as consumers struggle to deal with the breach.
