Founded in 1899, Equifax is one of the three largest American credit agencies along with Experian and TransUnion. Last 7th September, Equifax announced that a third party gained access to its data and hacked 143 million Americans personal data, which is nearly half the population of the United States.

143 millions of American’s data hacked

The breach was discovered on July 29th. Names, Addresses, Birth dates, Social Security numbers, Driver’s license numbers of million Americans were stolen.  In some cases credit card numbers were also compromised. Hackers managed to steal all these data by exploiting a vulnerability on one of the company’s web servers.
These cybercriminal will be now able to capitalize on this hack by selling SSNs or drivers’ licenses, which can be sold $20 a piece. They could also launch large targeted phishing campaigns.

Equifax’s reactions

Equifax created a website which purpose is to tell customers whether their personal information was compromised or not upon entry of the last six digits of their social security number and their last name. However, the website had a Terms of Service Agreement attached to it that states that users waive their right to pursue or participate in a class action lawsuit against them relative to the hack. After being criticized, these paragraphs were removed. Furthermore, customers need to be careful when they are checking Equifax website. Indeed, the website created has a different domain name (www.equifaxsecurity2017.com) than the original website. For instance, an IT security researcher, Nick Sweeting created his own website which has been then retreated by Equifax employees themselves. This shows the fragility of the website itself.
Meanwhile Equifax will also be providing free credit monitoring services for all those affected.
Recently, Equifax said that data of 100 000 Canadians may have been impacted.

A propos de François REN