Equifax Says Data From 143 Million Americans Exposed in Hack
Equifax is blaming an unspecified "website application vulnerability" in hackers' ability to get personal information on 143 million Americans.
Equifax is blaming an unspecified "website application vulnerability" in hackers' ability to get personal information on 143 million Americans. Security experts say it's hard to say for sure without more information, but such vulnerabilities typically don't require a lot of sophistication to exploit.
Rich Mogull, who runs the security research firm Securosis, says the web app breach suggests "things are broken down in a couple of different areas." He says someone likely made a programming or configuration mistake, but corporate culture could also be a factor. Often, he says, corporate security is underfunded or isn't given the authority it needs to make sure application developers do what's right.
Ryan Kalember of the security company Proofpoint says that even if the vulnerability was known and fixable, "coordination between app developers and security teams in a lot of organizations are not on the best of terms."
Equifax disclosed Thursday that a breach exposed personal information, including Social Security numbers, on 143 million Americans.
The Atlanta-based company said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year.
It said consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers were exposed. Credit card numbers for about 209,000 U.S. consumers were also accessed.
The company said hackers also accessed some "limited personal information" from British and Canadian residents.
Equifax said it doesn't believe that any consumers from other countries were affected.
To learn more about the cybersecurity incident, including whether your personal information was potentially impacted, or to sign up for complimentary identity theft protection and credit file monitoring, click here
(The Associated Press contributed to this report.)
To find out whether your personal information has been compromised as a result of this breach, visit https://www.equifaxsecurity2017.com/ Consumers can also call 1-866-477-7559 for more information.
For more information or questions about the Nevada Identity Theft Program, please send email to PIU@ag.nv.gov or call 1-877-213-5227.