On Thursday, Equifax announced that hackers had gained access to the sensitive, personal information of 143 million American consumers, including their birth dates and Social Security numbers. One of the three major credit reporting agencies in the country, along with Experian and TransUnion, the Atlanta-based company has been an attractive target for cybercriminals looking to gain sensitive and potentially lucrative personal information.
“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” Avivah Litan, a fraud analyst at Gartner, told The Times.
In addition to Social Security numbers, the hackers were also able to access names, addresses and driver’s license numbers — in short, all the information they need to steal a person’s identity. Credit card numbers for 209,000 customers were also reportedly stolen.
The FBI is aware of the breach and has been tracking the situation, according to an agency spokesperson.
However, this isn’t the first time Equifax has fallen prey to hackers. In 2013, all three credit reporting agencies reported “fraudulent and unauthorized access” to the financial files of big-name consumers from annualcreditreport.com — a jointly run site designed to give users free access to their own credit reports from all three agencies.
“Software development has become easy and popular, making security an afterthought, and software engineering has failed to adopt the attitude of civil service that might treat security as a first-order design problem,” notes Ian Bogost.
While Equifax never actually named the targeted individuals, just a day after the breach, hackers claimed to have retrieved the personal data of several high profile celebrities and politicians, including Beyoncé, Paris Hilton and Vice President Joe Biden and First Lady Michelle Obama.
Then again, last year, The Times says, identity thieves gained access to an Equifax website and “made off with critical W-2 tax and salary data.”
“John Gamble, Rodolfo Ploder and Joseph Loughran, had “no knowledge” of the breach when they sold their shares,” a company spokesperson told The Guardian.
What’s worse, after the company discovered this year’s latest massive data breach on July 29, three senior executives reportedly sold Equifax stock totaling $1.8 million on August 1 and 2, before divulging news of the breach to the general public. Equifax stock plunged more than 13% following announcement of the cyberattack.
Buying stolen financial information from hackers may be easier than you think. Hackers are now advertising stolen information on services like YouTube and selling it on standard websites.
Consumers can call 866-447-7559 for more information. Equifax has also set up a website where people can check to see if their personal information has been stolen. But beware, accessing the site requires submitting your last name as well as the last six digits of your Social Security number. Hmmm.
– Danielle Bizzarro