Equifax: the biggest data breach in the US

Next story
Olivia Storey

143 million customers of Equifax, the credit report agency, are faced with their personal information compromised in a cyber-security breach.

American credit rating firm, Equifax, holds data for more than 820 million consumers as well as information on 91 million businesses. This is one of the largest security breaches reported in the US, with customer’s personal and financial information being stolen.

The breach saw data such as Social Security numbers, birth dates and addresses stolen, as well as credit card numbers for about 209,000 consumers.

The website is believed to have a vulnerability that led to the systems being exploited, and the hackers having full access to the confidential information accessed the information between mid-May to the end of July, when the company discovered the breach.

Equifax has said the incident was disappointing and apologised to consumers and businesses for the trauma and stress this may have caused. The company is now working with law enforcement agencies to investigate and are analysing what happened.

Customers of Equifax were allegedly able to check if their data has been compromised in the breach via a specifically created webpage, however there are reports via social media that customers had problems reaching it, and that security software flagged it as potentially dangerous.

Some British people may have been affected by the breach, and the Information Commissioner’s Office (ICO) has been in contact with Equifax to decipher how many British people could have been affected and the kinds of data that had been stolen. They will be advising Equifax to alert affected UK customers at the earliest opportunity.

Ondrej Kubovič, ESET Security Awareness Specialist, discusses cyber breaches of this scale and how companies can best protect themselves.

“The number of data breaches is growing with every day, and as we can see in this case, black-hats don’t hesitate to target large entities with vast databases of sensitive information.

“Securing these should therefore be one of the top priorities for any company working with data.

“One particularly effective, and yet financially reasonable solution to achieve this, is high-quality encryption, which, if properly implemented, renders leaked data unreadable and thus worthless for the attacker.

“Of course, even encryption isn’t a silver bullet and should be complementary to other security measures such as, patching and updating of all systems and applications, limiting the attack surface to a minimum, as well as implementing reliable security solution using multiple-layers of protective technologies.”

Have you managed to find out if your information was compromised? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.