Coverage: Equifax says breach affected 143 million consumers

An estimated 143 million U.S. consumers could be affected by a cybersecurity attack carried out by suspected criminal hackers, national credit-reporting company Equifax said Thursday.

Kevin McCoy of USA Today had the news:

The unauthorized access to information for nearly 44% of the U.S. population occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, the company said in a detailed announcement of the attack.

Additionally, the hackers gained access to credit card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.

Equifax also identified unauthorized access to limited personal information for certain United Kingdom, and Canadian residents.

However, there was no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases, the company said.

Anders Melin of Bloomberg News reported that three company executives sold $1.8 million in stock shortly before the disclosure:

The trio had not yet been informed of the incident, the company said.

The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.

The three “sold a small percentage of their Equifax shares,” Ines Gutzmer, a spokeswoman for the Atlanta-based company, said in an emailed statement. They “had no knowledge that an intrusion had occurred at the time.”

Equifax said in its statement that intruders accessed names, Social Security numbers, birth dates, addresses and driver’s-license numbers, as well as credit-card numbers for about 209,000 consumers. The incident ranks among the largest cybersecurity breaches in history.

Sarah Buhr of TechCrunch said she called Equifax three times to find out if she was affected, to no avail:

After pressing “1” for English and then being told “calls will be monitored or recorded for quality assurance purposes” I was informed Equifax was experiencing a high call volume at the moment (no surprise) and was told to stay on the line.

After a little over five minutes of being subjected to peppy corporate music, I was then informed representatives were available till 1 am EST and to try again later. Then it hung up on me.

Undaunted, I tried the same thing over again, went through the same actions, waited on the line for about six minutes and was hung up on once again. I tried this an hour later and the same thing happened again.

Right now, there doesn’t seem to be a good solution in place online or off. Instead, likely this same experience awaits if you want to find out what the hell Equifax allowed to happen to your personal data.