This is a big one: the personal information of around 143 million U.S. consumers was stolen in a security breach in July at Equifax, which analyzes the credit scores used to make decisions about lending and other financial services.
Equifax disclosed the breach Thursday and it has set up a special website where consumers can check to see if they were affected by the incident, in which someone took advantage of an unspecified “U.S. website application vulnerability” in order to access the information. Most of the information stolen was names, addresses, Social Security numbers, and in some cases, driver’s license numbers, but Equifax also said that credit card numbers belonging to 209,000 U.S. consumers were stolen during mid-May and July 29th, when the company learned of the incident. A small number of U.K. and Canadian residents were also affected.
Nearly half the country was affected by this incident in one way or another. Equifax said it has begun informing those who were affected, but you can also check its site for more information, and it might be a good idea to check your credit card statements for the last couple of months.
If you were a criminal hacker looking for a juicy target, Equifax was a good idea. “The company organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and its database includes employee data contributed from more than 7,100 employers,” as Equifax described itself on its About page. That data is used by lenders, employers, and others to judge a person’s credit risk.
This incident would rank fourth on CSO’s recent list of the worst cyberbreaches in history, behind Yahoo’s massive 1.5 billion-user breach between 2013 and 2014 (which wasn’t actually discovered until two years later), Adult Friend Finder’s leak of information belonging to 412.2 million users in 2016, and the theft of personal information from 145 million eBay users in 2014.
Update: Bloomberg is reporting that three senior managers at Equifax sold some of their shares in the company in the days immediately after it learned of the breach. Equifax’s stock plunged 12 percent in after-hours trading following its announcement. To quote Dan Gillmor, “if this is not a financial crime, what is?”