The company says criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on its investigation, the unauthorized access occurred from mid-May through July 2017.
The company has found “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Equifax also identified unauthorized access to limited personal information for certain U.K. and Canadian residents. It found no evidence that other countries have been affected. Its investigation is ongoing and is expected to be completed in the coming weeks.
“I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight,” says Equifax Chairman and CEO Richard F. Smith.
The firm has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine whether or not their information has been potentially impacted and to sign up for credit monitoring and identity-theft protection.
Equifax also has engaged an independent cybersecurity firm to conduct an assessment and provide recommendations.
- FIS, Equifax Want You to Say Goodbye to Passwords
- Mizuho Primes for Financial Crime with IBM Watson
- CPI’s Instant Issuance Tech Proves Value for Bank after Breach
Image Credits: Shutterstock