Jump to main content

Equifax Data Breach

Equifax Says Cyberattack May Have Affected 143 Million Customers

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

Equifax said that, in addition to reporting the breach to law enforcement, it had hired a cybersecurity firm to conduct a review to determine the scale of the invasion. The investigation is expected to wrap up in the next few weeks.

Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk. The company also suggests getting a free copy of your credit report from the three major credit bureaus: Equifax, Experian and TransUnion. These are available at annualcreditreport.com. It also suggests contacting a law enforcement agency if you believe any stolen information has already been used in some way.

Equifax’s credit protection service, which is free for one year for consumers who enroll by Nov. 21, is available to everyone and not just the victims of the breach.

Equifax is offering consumers the ability to freeze their Equifax credit reports, said John Ulzheimer, a consumer credit expert who often does expert witness work for banks and credit unions and worked at Equifax in the 1990s. Thieves could have information stolen from Equifax and used it to open accounts with creditors that use Experian or TransUnion.

Click here to read the full article.

Wednesday, August 7, 2019

Equifax recently reached a sttlement with the Federal Trade Commission (FTC) for the 2017 data breach that occured. The FTC has set up a site to provide information to the public and allow affected customers to submit claims. Malicious actors are now setting up fake claims sites and sending out phishing attachs in an attempt to get people to go to the fake claims sites to steal thier personal information. Do NOT click on any of these emails. 

If you would like to see if you were affected by the breach and eligible for a claim, go to https://ftc.gov/equifax. From there, you can click on the link to the site where you can check if your information was included in the data breach and can file a claim if desired. NOTE: The FTC site directs you to https://www.equifaxbreachsettlement.com/ which is the correct site for the Equifax Breach Settlement. 
Source: Ongoing Operations CISOaaS Team By Shane Butcher, CISSP, CEH 08/07/19

While WyHy had no part in this breach and we only pull credit data from TransUnion and Experian, we do report to all three national credit bureau agencies as most all financial institutions do. We encourage our members to look into their individual situations as we will continue to stay informed and share any details relevant to our members.