143 million customer records compromised in Equifax hack

it equipment

Credit agency Equifax has revealed that data from 143 million customers may have been compromised in a security breach earlier this year.

US, UK and Canadian residents are among those to have their details accessed through a website application vulnerability.

The attack was discovered to have run from mid-May until 29 July.

Names, social security numbers, birth dates, addresses and in some instances driving license numbers were stolen, as were credit card numbers for around 209,000 people and dispute documents with personal identifying information for approximately 182,000 US consumers.

Equifax says it has found no evidence of activity on Equifax’s core consumer or commercial credit reporting databases.

It has engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted.

Last month, Asset Finance International reported on the ‘stunning’ increase in data breaches affecting companies globally.

There were 2,227 publicly disclosed ‘data compromise events’ to the end of June, which is broadly similar to 2015 and 2016, but the total number of exposed records has already broken last year’s record figure.

Inga Goddijn, executive vice president for Risk Based Security, which revealed the figures in its mid-year Data Breach QuickView report, said: “It is stunning to see the steady increase in the number of breaches impacting one million or more records.

“In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents.”

Hacking accounted for 41% of disclosed breaches, with Goddijn warning: “There are a lot of moving parts to an effective patch management program, but no matter how strong that process might be, it can be undermined when known vulnerabilities are missed simply because the organization was not aware to look for them.

“The breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity”.

The USA dominates the list of the number of data breaches by country and was second when it came to the volume of records exposed, but several European countries are also named.