Equifax breach affects 143 million consumers, including some Canadians

The Atlanta, Ga.-based office of consumer credit-reporting agency Equifax Inc. announced Thursday that it had been the victim of a cybersecurity breach that may affect approximately 143 million consumers, including some Canadians.

The majority of information accessed in the breach included names, social security numbers, birth dates, addresses, some driver’s licence numbers, the credit card numbers for approximately 209,000 U.S. consumers, and dispute documents with personal identifying information for approximately 182,000 U.S. consumers.

The company also discovered unauthorized access to what CBC News reported as “limited personal information” for some Canadian and U.K. residents, but did not disclose the number of people affected.

In a statement, Equifax said that it will work with U.K. and Canadian regulators to “determine appropriate next steps,” adding that it has “found no evidence that personal information of consumers in any other country has been impacted.”

Though Equifax only reported the breach this week, the unauthorized access occurred between mid-May and July 2017. According to the company’s internal investigation, perpetrators exploited a U.S. website application vulnerability to access the files.

After the announcement, a Bloomberg investigation revealed that three Equifax executives had sold their company stock before the hack was revealed, though according to the company the trio had not yet been informed of the incident.

In a statement emailed to ITBusiness.ca, David Masson, Canada country manager of cybersecurity firm Darktrace, said that Canadian companies should view the breach as a cautionary tale.

“Time and time again, we have seen attacks of this scale plague the news,” Masson said. “It is clear that companies have a huge visibility problem – they simply cannot see what is happening inside their own networks.”

“New cyber-attacks are increasingly inconspicuous – in Equifax’s case, able to exfiltrate data from the network for almost two months without sounding any alarms,” he continued. “With 143 million accounts potentially breached, cyber-criminals are undoubtedly succeeding in undermining consumer confidence in organizations’ ability to keep our information private.”

“Companies need to ask themselves a crucial question: how do you stop the attacker already inside your network, before it escalates into a crisis?”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Eric Emin Wood
Eric Emin Wood
Former editor of ITBusiness.ca turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.