Equifax breach affects 143 million consumers, including some Canadians

The Atlanta, Ga.-based office of consumer credit-reporting agency Equifax Inc. announced Thursday that it had been the victim of a cybersecurity breach that may affect approximately 143 million consumers, including some Canadians.

The majority of information accessed in the breach included names, social security numbers, birth dates, addresses, some driver’s licence numbers, and the credit card numbers for approximately 209,000 U.S. consumers, and dispute documents with personal identifying information for approximately 182,000 U.S. consumers.

The company also discovered unauthorized access to what CBC News reported as “limited personal information” for some Canadian and U.K. residents, but did not disclose the number of people affected.

In a statement, Equifax said that it will work with U.K. and Canadian regulators to “determine appropriate next steps,” adding that it has “found no evidence that personal information of consumers in any other country has been impacted.”

Though Equifax only reported the breach this week, the unauthorized access occurred between mid-May and July 2017. According to the company’s internal investigation, perpetrators exploited a U.S. website application vulnerability to access the files.

After the announcement, a Bloomberg investigation that three Equifax executives had sold their company stock before the hack was revealed, though according to the company the trio had not yet been informed of the incident.

In a statement emailed to IT World Canada, David Masson, Canada country manager of cybersecurity firm Darktrace, said that Canadian companies should view the breach as a cautionary tale.

“Time and time again, we have seen attacks of this scale plague the news,” Masson said. “It is clear that companies have a huge visibility problem – they simply cannot see what is happening inside their own networks.”

“New cyber-attacks are increasingly inconspicuous – in Equifax’s case, able to exfiltrate data from the network for almost two months without sounding any alarms,” he continued. “With 143 million accounts potentially breached, cyber-criminals are undoubtedly succeeding in undermining consumer confidence in organizations’ ability to keep our information private.”

“Companies need to ask themselves a crucial question: how do you stop the attacker already inside your network, before it escalates into a crisis?”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Eric Emin Wood
Eric Emin Wood
Former IT World Canada associate editor turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now