Hackers have accessed names, Social Security numbers, birth dates, addresses and driver’s license numbers, Equifax said in a statement. Equifax shares fell more than five percent in trading after the market closed.
US credit rating firm Equifax admitted today that illegal access to its databases may have exposed information to about 143 million people. The company said in a statement that “unauthorized access” was carried out between May and July by “criminals who exploited the vulnerability” of an application on its Internet site.
Equifax Inc. said its systems were targeted by a cyber security attack that may have affected about 143 million US consumers, what may be one of the largest computer incidents in history.
“This is clearly a disappointing and disturbing event for our company future, and one that strikes at the heart. I apologize to consumers and our business partners for the concern and frustration this causes,” Chief Executive Richard Smith said in the statement.
Criminals took advantage of the vulnerability of a US website application to access the archives for a period ranging from mid-May to July this year. The intruders accessed credit card information for nearly 209,000 consumers and dispute documents with personally identifiable information from about 182,000 consumers, Equifax said.
Some residents of the United Kingdom and Canada were also affected. Company discovered the incident on July 29, is working with regulators in both countries. Equifax further explained that they do not believe that any consumer from other countries has been affected.
Equifax discovered the hack on July 29, but waited until Thursday to warn its customers. The curious thing about the case was that just three days after the company learned of the problem, on August 2, three of the company’s top executives sold shares for an amount close to 2 million dollars.
In this regard, Equifax declined to comment why it took too much time to make the problem public. This practice is not suspicious, since it is common for authorities to request a company that was targeted by a hack to delay making the situation public so that investigators can prosecute the perpetrators.
“On a scale of 1 to 10, this is a 10 in terms of possible identity theft,” said Aviva Litan, security analyst at Gartner. “Credit bureaus store so much information from us that it affects almost everything we do.”
The incident is among the biggest cyber security in history.