Cyber breach at Equifax could affect 143M U.S. consumers

Equifax (Photo: Mike Stewart, AP)

An estimated 143 million U.S. consumers could be affected by a cybersecurity attack carried out by suspected criminal hackers, national credit-reporting company Equifax said Thursday.

The unauthorized access to information for nearly 44% of the U.S. population occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers, the company said in a detailed announcement of the attack.

Additionally, the hackers gained access to credit card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.

Equifax also identified unauthorized access to limited personal information for certain United Kingdom, and Canadian residents.

However, there was no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases, the company said.

The company also posted questions and answers about the incident for investors.

The news sent shares of Equifax (EFX) down nearly 9% to $130.05 in after-hours Thursday trading.

 Financial regulatory filings show that three of the company’s top executives sold shares of Equifax stock after July 29, the date the firm said the cyberbreach was detected.

On Aug. 1, Chief Financial Officer John Gamble sold shares with a market value of nearly $946,400, while Joseph Loughran, president of Equifax’s U.S. Information Solutions, exercised options to sell nearly $584,100. Rodolfo Ploder, president of business unit Workforce Solutions, sold shares valued at nearly $250,500 on Aug. 2, the filings show. The three executives continued to hold tens of thousands of Equifax shares after the transactions.

News of the cyber attack comes less than three months after the global Petya ransomware attack spread through computers across North America and Europe, affecting 65 countries. Similarly, the massive attack of the ‘WannaCry’ ransomware virus infected computers around the world in May.

Computer systems for the IRS, Target, and other government agencies and private companies have also been struck by cyberattacks in recent years. And Yahoo last year disclosed that information from an estimated 500 million of the internet giant’s accounts was stolen in 2014.

 Atlanta-based Equifax is one of the nation’s largest credit-reporting companies, along with Experian and TransUnion. Equifax says it organizes and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and the company’s databases hold employee data submitted by more than 7,100 employers. After discovering the electronic intrusion, Equifax said it hired an independent cybersecurity firm that has since been conducting a forensic investigation aimed at determining the scope of the electronic intrusion and the specific data accessed.

Equifax also reported the attack to law enforcement agencies and is continuing to work with them, the company said.

Additionally, the company established a dedicated website,, to help consumers determine whether their personal information may have been accessed and sign up for credit file monitoring and identity theft protection.

The program, offered without charge to U.S. consumers for one year, includes monitoring of Equifax, Experian and TransUnion credit reports, copies of Equifax credit reports, identity theft insurance, internet scanning for Social Security numbers and the ability to lock and unlock Equifax credit reports.

Separately, Equifax said the company would send direct mail notices to consumers whose credit card numbers or dispute documents were affected by the cyberbreach. The company also is contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general about the incident.