Equifax admits to further data stolen in 2017 hack

Thursday, 15 February, 2018

The US credit rating agency Equifax has admitted it didn’t reveal the full extent of the consumer data hacked in what was the largest single data breach of 2017.

In September Equifax reported that it had suffered a data breach that had affected more than 145 million people, primarily Americans but also including Canadian and British citizens.

The data stolen, they said at the time referred to social security numbers, birth dates, addresses and drivers’ license numbers.

But after investigation by the US Senate Banking Committee it was revealed that more data was stolen than first reported.

Equifax came under intense pressure after publicly confirming the hack last year.

Consumers registered more complaints with the handling of the data breach than with the initial intrustion. A portal set up by company top brass to help potential victims’ find out whether their data had been leaked was poorly designed and, cybersecurity experts noted, had many features in common with phishing websites.

Nervous users had to enter part of their social security numbers on www.equifaxsecurity2017.com even though the site was not hosted on a domain belonging to Equifax nor did it come with standard security applications.

Fail after fail

The revelations of additional data hacked came to light after investigation by celebrated activist and Senator, Elizabeth Warren.

At the time Equifax faced criticism when it was revealed the firm took four months before disclosing the hack and the vulnerable server attributed to the hack had not been patched.

Even after Equifax had disclosed the breach it struggled to inform users, many had little idea the company had held data on them.

In October, when I asked the CEO about the precise extent of the breach, he couldn’t give me a straight answer. So, for five months I investigated it myself.

My investigation revealed the depth of the breach and cover-up at Equifax. And since I published the report. Equifax has confirmed it is even worse than they told us.

- Senator Elizabeth Warren: Democrat, US Senate Banking Committee

In its defence, Equifax declared the committee’s findings were deeply misleading but did confirm that additional data was impacted by the breach.

The company said it had always been upfront about the hack and had informed customers with direct email notices and the number of affected customers had not changed.

Equifax CEO Richard Smith, who was rebuked at a hearing in November for failing to answer questions about the breach, was forced to retire. Others to fall on their swords included the Chief Security Officer Susan Mauldin.

Equifax reported they had recently appointed her replacement Jamil Farshchi who had previously worked at Home Depot.

Under his watch the home improvement company suffered a data breach in 2014 in which email addresses and payment card data were stolen affecting 56 million Home Depot customers.

Since the breach both Senator Warren and fellow committee member Senator Mark Warner have introduced the Data Breach Prevention and Compensation Act.

The Act will hold credit reporting agencies, such as Equifax accountable for data breaches that put consumer data at risk. And if passed Equifax could face billions in fines.

MAIN IMAGE: GotCredit/CC BY 2.0

Tim Bamford author picture

By:

Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

BT and O2 launch 5G in the same week!

BT and O2 are the latest networks to enter the bitter high street 5G battle.

BT and O2 launch 5G in the same week!BT and O2 launch 5G in the same week! Read more

UK Porn block for children has been scrapped.

The government’s controversial ‘porn blocker’ plan, mired in delays and problems, has been officially scrapped.

Read more

Gigaclear undertake costly fibre install UNDER River Severn to reach rural customers

The upstart ISP embarks on ambitious plan to ensure rural customers have access to full fibre broadband!

Read more

New rules bring full-fibre to apartment blocks

New measures help ISPs sidestep rogue landlords

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Minimum connection speeds for common online activities

Read more

How many companies provide full fibre broadband?

Read more

What is Britbox, and how do I get it?

The latest addition to the crowded TV Streaming market may struggle to break through

Read more