ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Equifax Hacked for 143 Million Social Security Numbers

Equifax is one of the three major US credit report companies. It monitors millions of Americans' creditworthiness and assigns them a “credit score.”

This credit score is used by banks to asses whether they should extend you a loan, car rental companies to decide if they should rent you a car, and even by employers to judge the employment-worthiness of your character.

Equifax announced yesterday that it has been hacked by “criminals.”  Information obtained by hackers includes consumers’ names, social security numbers, birth dates, addresses, and even many drivers’ license numbers.

Scale of the Attack

143 million Americans are almost half the entire population of the United States! 209,000 of these victims are particularly unlucky, as the criminals also made off with their credit card numbers.

Some “limited personal information” belonging to British and Canadian consumers was also stolen. Equifax chairman and CEO Richard Smith issued the following statement:

This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.

Gartner security analyst Avivah Litan observed to the Guardian:

On a scale of one to 10, this is a 10 in terms of potential identity theft. Credit bureaus keep so much data about us that affects almost everything we do.

Senator Mark Warner, vice-chairman of the senate intelligence committee, was also keen to stress the seriousness of this breach:

It is no exaggeration to suggest that a breach such as this … represents a real threat to the economic security of Americans.

The hack is all the more damaging because Equifax sells its services to companies as a consumer protection and data breach specialist.

Interesting Timing

The hack, which exploited a US website application to access files, occurred between mid-May and July. Equifax did not become aware of it until 29 July. It then took the company a full week to make the news public.

During this time, three senior Equifax Inc. executives sold shares worth almost $1.8 million. Since the news was made public, shares in Equifax have tumbled. As suspicion grew, a spokesperson for Equifax issued the following statement denying any wrongdoing on the executives’ part:

The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.

As the Bloomberg report that broke the story notes:

I doubt this is the end of it...

Damage Limitation

You can check to see if your data has been stolen by visiting this website or calling 866-447-7559. Equifax is also offering consumers free monitoring:

We have taken the unprecedented step of offering every US consumer in the country a comprehensive package of identity theft protection and credit file monitoring at no cost.

As Ryan Kalember, Senior Vice President at cybersecurity company Proofpoint, observes, however, the notion of trusting a company to protect your identity, when it just completely failed to protect your identity, is “utterly farcical.”

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

1 Comment

J. Anderson
on September 15, 2017
With such a large breach, the company must be held accountable. Since the breach was noticed in July, why it took them more than a month to notify the public and agencies ? What were they thinking? Their response was a joke when they tired to also tried to charge the public for their credit monitoring service. Clearly they were also trying to profit from their data management errors. Trying yo get thru their websites & customer service is also a joke at the moment. Would you trust them to safe guard your financial information again?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service