Equifax breach exposes 143 million people identity theft
The Equifax breach, also known as the Equifax data breach, was a massive cybersecurity incident that occurred in 2017. On September 7, 2017, Equifax, one of the largest consumer credit reporting agencies in the world, announced that it had been hacked, exposing the personal and financial information of approximately 143 million people in the United States, or about 44% of the population.
The breach was discovered on July 29, 2017, and it is believed to have occurred between mid-May and late July 2017. The attackers gained access to Equifax's systems through a vulnerability in an open-source software, Apache Struts, which was exploited by the hackers.
The stolen data included:
- Names
- Birth dates
- Social Security numbers
- Addresses
- Driver's license numbers
- Credit card numbers (for some individuals)
- Personal identification numbers (PINs)
- Employer and income information
The breach was particularly concerning because it exposed sensitive personal and financial information, making it easier for identity thieves to commit fraud and steal people's identities.
Equifax initially announced that the breach affected approximately 100 million people, but later updated the number to 143 million. The company also stated that the breach did not affect its core credit reporting database, which contains information on credit accounts and payment history.
In response to the breach, Equifax:
- Set up a website (www.equifaxsecurity2017.com) for affected individuals to check if their information was compromised.
- Offered free credit monitoring and identity theft protection for one year to affected individuals.
- Established a dedicated call center to assist affected individuals.
- Conducted an investigation and notified law enforcement agencies.
The Equifax breach was one of the largest data breaches in history, and it led to widespread criticism of the company's handling of the incident. The breach also raised concerns about the security of sensitive personal and financial information and the need for stronger data protection regulations.
In the aftermath of the breach, Equifax faced numerous lawsuits, regulatory investigations, and Congressional hearings. The company also faced criticism for its initial response to the breach, which was seen as slow and inadequate.
In 2018, Equifax agreed to pay $700 million to settle a class-action lawsuit related to the breach. The company also agreed to implement additional security measures to protect sensitive information and to provide affected individuals with free credit monitoring and identity theft protection for 10 years.