Hackers accessed the data for Equifax, one of the three major U.S. credit reporting companies, potentially compromising the data for more 143 million Americans – about 60 percent of the adult population, the company said Thursday.
The data breach is one of the largest in recent years and the third major cybersecurity threat the Atlanta-based credit reporting company has faced in less than three years’ time.
The consumer information hackers obtained includes the names of U.S. consumers and their social security numbers, dates of birth, addresses, and driver’s license numbers. Additionally, the credit card numbers for 209,000 consumers were stolen and the personal information used in disputes for about 182,000 people was also stolen.
“If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies,” The New York Times reported. And while other data breaches may have eclipsed the Equifax breach in sheer size, hackers were able to obtain keys that unlock consumers’ medical histories, bank accounts, and employee information, The New York Times said.
Another troubling aspect of the Equifax breach is that it potentially exposed all those affected to the threat of identity theft not just in the immediate future but for the rest of their lives.
“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” Avivah Litan, a fraud analyst at Gartner, told The New York Times.
Hackers found their way into Equifax’s data through a weak spot in the company’s website software and were able to harvest information from mid-May to June. The breach was discovered on July 29.
Equifax’s database has been successfully targeted twice before recently. Last year, identity thieves stole critical W-2 tax and salary data from an Equifax website. Earlier this year, hackers stole more W-2 tax data from an Equifax subsidiary, TALX, which provides online payroll, tax, and human resources services to several of the nation’s largest companies.
Experts say Equifax’s offer to protect consumers for one year free of charge falls short of what is really needed because the information stolen can be bought, sold, and used for years to come.