Cyberattack on Equifax affects 143 million Americans

Equifax Inc (NYSE: EFX), one of the largest consumer credit score providers, has recently been hacked and personal information of 143 million U.S. consumers was accesses and stolen between mid-May and July of this year. Equifax, which is based in Atlanta, handles data on more than 820 million customers and more than 91 millions businesses worldwide. This means that sensitive data such as names, Social Security numbers, and driver's license numbers of nearly half of the U.S. population has been breached, all which is now vulnerable to blackmail and phishing.

This is seen as one of the largest cyber attacks in U.S. history since that on Yahoo where data for more than 1 billion users was compromised in both 2013 and 2014. However, the breach on Equifax has the potential to be much more damaging to consumers and the company because in the Yahoo hack no Social Security numbers or other identification information was stolen. Avivah Litan, security analyst of the Equifax news, stated that "On a scale of one to 10, this is a 10 in terms of potential identity theft". Credit card numbers of almost 209,000 consumers were obtained, in addition to 182,000 other customers who reported an error on their credit reports. Equifax claims that a further investigation showed no evidence that credit reports were stolen in the breach. These credit reports hold a customer's entire financial information which is then used to calculate credit score. Many lenders and employers use Equifax's services in order to approve financing and hire workers by reviewing their credit history.

- $this->copyright_for_current_language

According to reports, hackers gained access to the database through a vulnerability found on a U.S. website application. Equifax said that it discovered the breach on July 29th; however, it waited until now to publicly announcing the news in order to allow for investigations to wrap up. In order to help its consumers, Equifax has set up a website (www.equifaxsecurity2017.com) in order to help them determine whether their data has been breached and if they are at risk. Equifax recommends that customers contact a law enforcement agency if they believe that their information has been used in some way such as being sold online or for blackmail. Equifax is also offering customers the option of freezing their credit reports, which are compiled on their site. By freezing accounts, this will prevent criminals from taking out debt or mortgages in your name. It is also important to freeze accounts with Experian (LON:EXPN) and TransUnion (NYSE: TRU), the two other largest credit bureaus because almost all the same data that Equifax does. Therefore, this incident not only undermines the credibility of Equifax but also that of Experian and TransUnion. On Thursday, September 7th, their shares fell .53% to 15.10 GBP and 4.35% to 47.24 USD, respectively.

- $this->copyright_for_current_language

Just a few days after the company discovered the cyberattack, three Equifax executives apparently sold shares with a combined worth of $1.8 million. The sales, executed on August 1st and August 2nd, were made by: John Gamble, Equifax's chief financial officer; Rodolfo Ploder, president of workforce solutions; and Joseph Loughran, president of U.S. information solutions for Equifax. Equifax stated that the executives were not aware of the intrusion at the time they sold their shares. The company's shares fell 13% to $124.10 and Ray Rothrock, CEO of security software company RedSeal, states that it might take months or even years for Equifax to recover.

Besides the fact that personal information of millions of people was compromised, this breach also poses a national security and economic threat. Most times, when hackers obtain access to such information they store it and build databases of American's personal information which enemy nation states can use to reach their targets or for instigating future attacks. As a result, governments often buy stolen information on the so-called Dark Web in order to retrieve it.

Two proposed class-action lawsuits (one in Oregon and one in Georgia) have also been filed against Equifax, alleging that the company has been negligent in protecting their consumers' personal information. Any breach of data can hurt a company's reputation, but it is much more serious when the entire business revolves around providing accurate financial profiles of customers, which is what Equifax does.