Industry Updates

Equifax Announces Another 2+ Million Were Affected By Breach

Equifax’s problems just keep getting worse.

Not long ago, the company suffered a major data breach that ultimately resulted in the CEO stepping down and a painful congressional grilling. Initial estimates placed the number of impacted users at some 143 million, but as the investigation has continued, it turns out that the numbers are even higher than initially feared. Based on the forensic team’s final report, as many as 145.5 million users were impacted.

In our modern society, there are many who would argue that your credit score is as important, if not more important than your social security number. To arrive at your score, the “Big Three” credit reporting agencies necessarily have to collect a large amount of sensitive information about people, so when they suffer from a breach, it’s bad, and in Equifax’s case, it just keeps getting worse.

Based on the latest information, the compromised data included names, social security numbers, birthdays, and addresses. If that wasn’t bad enough, some 200,000 customers saw their credit card information exposed, along with an unknown number of electronic documents containing PII.

Most of the impacted customers live in the United States, but approximately 80,000 were Canadians.

To put these numbers in full context, Equifax maintains files on more than 800 million people around the world, along with more than 90 million businesses, so the breach, while catastrophic in size, wasn’t nearly as bad as it could have been.

That’s small consolation to the millions who have been impacted, but it’s important to understand that as bad as the breach was, it was quite far from the worst case scenario.

In the aftermath of the breach, the company has come under fire by the US Government, which has charged that the company actually stands to profit from it by selling a credit monitoring service after giving impacted consumers one year free.

In light of the recent congressional hearings on the matter, the future of that program is unclear, but this breach, and its root cause (an unpatched Apache Struts 2 vulnerability) serves to underscore how easy it is for even big multinational companies to fall victim to a determined hacker.