Credit-reporting company Equifax Inc. said Thursday that hackers gained access to some of its systems, compromising the personal information of about 143 million U.S. consumers, according to WSJ.
The size of the hack is second only to the pair of attacks on Yahoo Inc. disclosed last year that affected the information of as many as 1.5 billion customers. It also involves nearly twice the number affected by one of the highest-profile breaches at a financial firm, the cyberattack at J.P. Morgan Chase & Co. about three years ago, the Journal also says.
An internal investigation revealed hackers exploited a vulnerability in a U.S. website application to gain unauthorized access to files from mid-May through July. The company, however, said it hasn’t found any indication that its “core consumer or commercial credit reporting databases” had been comprised.
According to CNN, cyber criminals have accessed sensitive information -- including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses. Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was "personal identifying information" on roughly 182,000 U.S. customers involved in credit report disputes. Residents in the U.K. and Canada were also impacted. The breach occurred between mid-May and July, Equifax said. The company said it discovered the hack on July 29. The data breach is one of the worst ever, by its reach and by the kind of information exposed to the public.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said Equifax chairman and CEO Richard F. Smith, cited by CNN.
Credit rating firm Equifax holds data on more than 820 million consumers as well as information on 91 million businesses, as media reports show.
"On a scale of 1 to 10, this is a 10," said Avivah Litan, a Gartner analyst who monitors ID theft and fraud, cited by BBC. "It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data."
As Business Insights previously reported, Internet entertainment, news and search site Yahoo announced on Sept. 22, 2016 that a recent investigation by the company confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it thinks is a state-sponsored actor. Yahoo suspected that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.