Equifax Breach: 8 Takeaways

Data Broker Faces Questions About Security Defenses, Insider Trading

After Equifax on Thursday warned that 143 million consumers’ personal details may have been stolen by hackers, criticism of the consumer credit reporting agency – and data broker – has been swift.

Many security experts are asking how attackers were able to exploit the “website application vulnerability” cited by Equifax to steal so much personal information. Indeed, the breach may have exposed Social Security numbers for nearly half of all Americans.

On Friday, New York Attorney General Eric T. Schneiderman announced he has launched a formal investigation into the Equifax breach and has sent a letter to the company seeking additional information about the incident. Meanwhile, attorneys general in Connecticut, Illinois and Pennsylvania announced they plan to sent a joint letter requesting details from Equifax. Plus, the House Energy and Commerce Committee and Financial Services Committee announced plans to hold hearings to examine the massive data breach, according to The Hill.

Here are eight takeaways from the breach.

1. Breach Burns SSNs

Equifax says many of the 143 million breach victims had their names, Social Security numbers, birthdates, addresses – and in some instances, driver’s license numbers – stolen by attackers. The company says that based on its investigation, it was hacked in mid-May, and attackers continued to access the data until the breach was discovered in late July.

In addition, Equifax says 209,000 U.S. consumers’ credit card data was exposed in the breach, as were 182,000 U.S. consumers’ “dispute documents,” containing personal information. Equifax says it “also identified unauthorized access to limited personal information for certain U.K. and Canadian residents” and that it will “will work with U.K. and Canadian regulators to determine appropriate next steps.”

Continue reading…