Equifax Inc., one of the largest credit monitoring companies in the US, has acknowledged that it was the victim of a data theft last July that could affect more than half of the American adult population.
The assailants took advantage of a vulnerability on the company’s website during the past months of May, June, and July to get the data, including details such as date of birth, postal address, driver’s license number, full name and number of social security for more than 143 million people. The company did not discover the vulnerability until July 29. It would be one of the biggest data thefts in history because of its impact and scope.
The United States does not have a federal identification system equivalent, for example, to the Spanish DNI, so it uses many of these data as proof of identity when accessing certain services and social benefits. These data are also those that are used as proof of identity in many websites in case of loss of password. The reason the company holds such a high number of data is that Equifax is, working together with Experian and the TransUnion, one of the three major credit and solvency monitoring agencies for financial institutions.
They produce reports and assign a score that guides banks in offering loans and mortgages.In addition to personal data, the attackers also managed to get 209,000 credit card numbers. It is the third time that Atlanta-based Equifax has undergone a large-scale cyber attack in recent history.The company has begun alerting customers affected by email and regular mail and is working with the FBI and a private research team to try to curb the sale of these data in digital markets.To complicate matters, three senior executives sold shares of the company – which fell more than 12% after the attack was known – in the days leading up to the release of the information. Equifax assures, however, that these managers were not aware of the attack.