Skip to content

Equifax Data Breach Exposes 145.5 Million Records

Written by

Josh Turner

What is Equifax? It’s a consumer credit reporting agency. Recently, on September 18, 2017, Equifax noticed it was a victim to what turned out to be one of the largest security breaches in history, and in early March it had begun “notifying a small number of outsiders and banking customers” about this attack.

Equifax was warned months before the breach about vulnerabilities

Equifax failed to promptly install a security fix to a flaw found in a web application tool known as apache struts, used by many major corporations, experts said.

Hackers took advantage of that window, which lasted at least two months, to hack the company’s cyber-security defenses. That allowed them to gain access to the personal data of up to 145.5 million people.

“All you had to do was put in a search term and get millions of results, just instantly — in cleartext, through a web app,” the security researcher was quoted as saying. He said the personal data of all of Equifax’s customers could be downloaded in 10 minutes.

“If it took me three hours to find that website, I definitely think I’m not the only one who found it. It wasn’t just one breach. It was maybe dozens,” the researcher claimed.

What has been stolen?

Information accessed by the hacker (or hackers) in the breach included first and last names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

British data exposed: 14.5 million records breached that dated from 2011 to 2016 and did not contain information that put British consumers at risk.

Canadian data exposed: 8,000 client records exposed

American data exposed: Overall the 145.5 million people The United States, had their information compromised, including Social Security numbers, birth dates, and addresses.

Want to check if you were impacted by this breach? Click here

Want to place a freeze on your credit? Here’s how!

A freeze means that no one (including you) can access your credit file until you unfreeze it, using a PIN or passphrase. That makes it harder for identity thieves to open new accounts in your name. To be effective, you must place a freeze with all three credit reporting agencies — Equifax, Transunion, and Experian. That’s because when a thief tries to take out new credit, a business can pull your credit report from any of the three agencies. If you’ve only frozen your Equifax file and the business checks with Experian or Transunion, your Equifax freeze does you no good. It will also cost you some money to freeze and unfreeze your credit. Currently, Equifax is waving the fee for everyone from October 27th to January 31st while TransUnion and Experian are not offering free freezes, Those will most likely cost $5-$10 for each freeze.

To freeze your credit files, contact the three major credit businesses individually.  You can contact them over the phone or online.

Timeline of events

Mid-May through July 2017 – This is the time frame in which Equifax says hackers gained unauthorized access to its data.

Thursday, July 29 – Equifax discovers the hack and immediately stopped the intrusion.

Tuesday, August 1 & Wednesday, August 2– Three top executives from Equifax sell nearly $2 million worth of company stock.

Thursday, September 7 – Equifax officially alerts the public about the cybersecurity incident and provides a dedicated website for consumers to check if they were affected. Later on that night, the company also issues a statement saying the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”

Friday, September 8 –Shares of Equifax shed more than 13% of their value in trading. Sen. Elizabeth Warren (D-Mass.) tears into the company on social media for trying to push customers to give up their right to sue.

Monday, September 11 – Two key US senators ask Equifax Inc. to answer detailed questions about a breach of information affecting up to 143 million Americans, including whether U.S. government agency records were compromised in the hack.

Tuesday, September 12 – Equifax CEO Richard Smith apologized for the intrusion and vowed to make changes to protect against cyber crimes in the future.

Wednesday, September 13 – Equifax CEO is formally called to testify before Congress on October 3. Smith will testify before the members of the House Energy and Commerce Committee.

Thursday, September 14- The Federal Trade Commission says it is investigating the massive data breach. Equifax shares fell 5% to $94.19 in heavy trading after earlier touching $89.59, their lowest since February 2015.

Monday, October 2 – Equifax has found out that 2.5 million more people were exposed then they thought leading the total of people that have been breached to 145.5 million people.

Additionally, Van Fleet, a Seattle women, has been severely impacted by this breach. She claims that her identity has been stolen over 15 since early September, and has filed a lawsuit against Equifax. Others are coming forward with similar stories. 



Previous article

Briggs Stratton Healthcare Information Breach 2017

Next article

The Anatomy of Malvertising

Join the discussion

Leave a Reply