September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.
In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. Equifax also is in the process of contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general, which includes Equifax contact information for regulator inquiries.
Equifax has engaged a leading, independent cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.
CEO Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
How to enroll in complimentary identity theft protection and credit file monitoring services and how to find out if your personal information may have been impacted
To enroll and activate your complimentary identity theft protection and credit file monitoring product, called TrustedID Premier, please follow the steps outlined below. At the beginning of this process, you will find out whether your personal information may have been impacted by this incident. After that step, you will be given a date to return to this site to enroll in TrustedID Premier. The enrollment process is scheduled over several days to minimize delays and to service all consumers efficiently. We ask for your cooperation in adhering to this process so that we can enroll all consumers who sign up as quickly as possible.
Beginning: What to Know
- When you begin, you will be asked to provide your last name and the last six digits of your Social Security number.
- Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.
- You will receive an enrollment date. You should return to this site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.
Enrollment: What to Know
- On your designated enrollment date, please return to this site, www.equifaxsecurity2017.com. For security purposes, you will be asked to re-enter your last name and the last six digits of your Social Security number.
- To enroll in TrustedID Premier, you will be asked to provide additional information to verify your identity. You also will need to provide a valid email address in order to complete the process.
- Within a few days, you will receive an email with a link to activate TrustedID Premier. Please be sure to check your spam and junk folders if you do not receive your activation email within that timeframe.
- When you receive an enrollment date, please write it down or print the page, so you will know your scheduled date for enrollment.
- Because TrustedID Premier includes 3-Bureau credit monitoring, please note that credit monitoring by all three credit bureaus (Equifax, Experian and TransUnion) will take several days to begin.
Thank you for allowing us this opportunity to assist you. We appreciate your patience during this time.
Remember to subscribe to Epic Geekdom : )
Remember to Like our Twitter and Facebook page : )
For more geeky — nerdy articles, pictures, animation and videos…. LIKE us on the following sites : )
FB – https://www.facebook.com/EpicGeekdom
Google+ = https://plus.google.com/communities/102191452944358349371
Twitter — https://twitter.com/EpicGeekdom
Website – www.EpicGeekdom.com