Home » News » Equifax admits to further data stolen in 2017 hack

Equifax admits to further data stolen in 2017 hack

Thursday, 15 February, 2018

The US credit rating agency Equifax has admitted it didn’t reveal the full extent of the consumer data hacked in what was the largest single data breach of 2017.

In September Equifax reported that it had suffered a data breach that had affected more than 145 million people, primarily Americans but also including Canadian and British citizens.

The data stolen, they said at the time referred to social security numbers, birth dates, addresses and drivers’ license numbers.

But after investigation by the US Senate Banking Committee it was revealed that more data was stolen than first reported.

Equifax came under intense pressure after publicly confirming the hack last year.

Consumers registered more complaints with the handling of the data breach than with the initial intrustion. A portal set up by company top brass to help potential victims’ find out whether their data had been leaked was poorly designed and, cybersecurity experts noted, had many features in common with phishing websites.

Nervous users had to enter part of their social security numbers on www.equifaxsecurity2017.com even though the site was not hosted on a domain belonging to Equifax nor did it come with standard security applications.

Fail after fail

The revelations of additional data hacked came to light after investigation by celebrated activist and Senator, Elizabeth Warren.

At the time Equifax faced criticism when it was revealed the firm took four months before disclosing the hack and the vulnerable server attributed to the hack had not been patched.

Even after Equifax had disclosed the breach it struggled to inform users, many had little idea the company had held data on them.

In October, when I asked the CEO about the precise extent of the breach, he couldn’t give me a straight answer. So, for five months I investigated it myself.

My investigation revealed the depth of the breach and cover-up at Equifax. And since I published the report. Equifax has confirmed it is even worse than they told us.

- Senator Elizabeth Warren: Democrat, US Senate Banking Committee

In its defence, Equifax declared the committee’s findings were deeply misleading but did confirm that additional data was impacted by the breach.

The company said it had always been upfront about the hack and had informed customers with direct email notices and the number of affected customers had not changed.

Equifax CEO Richard Smith, who was rebuked at a hearing in November for failing to answer questions about the breach, was forced to retire. Others to fall on their swords included the Chief Security Officer Susan Mauldin.

Equifax reported they had recently appointed her replacement Jamil Farshchi who had previously worked at Home Depot.

Under his watch the home improvement company suffered a data breach in 2014 in which email addresses and payment card data were stolen affecting 56 million Home Depot customers.

Since the breach both Senator Warren and fellow committee member Senator Mark Warner have introduced the Data Breach Prevention and Compensation Act.

The Act will hold credit reporting agencies, such as Equifax accountable for data breaches that put consumer data at risk. And if passed Equifax could face billions in fines.

MAIN IMAGE: GotCredit/CC BY 2.0

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

The biggest malware threats of 2020…so far

It’s been a year few of us will forget in a hurry, and we're only halfway through.

The biggest malware threats of 2020…so farThe biggest malware threats of 2020…so far Read more

Instagram could become the main news source for young people.

Reuters finds changes in the way younger users consume the news.

Read more

BT launches second line service

BT launches second broadband home line service for the new crop of home workers.

Read more

Best broadband areas for online gaming in the UK.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

How to check if your broadband is down

It might seem obvious that an outage has occurred, but there are easy ways to check if your broadband is down, or whether the problem is more localised

How to check if your broadband is downHow to check if your broadband is down Read more

A guide to Big Tech alternatives.

It seems like we’re reliant on a small group of companies, are there alternatives?

Read more

Quick tips for boosting home broadband speed

Boosting speed can transform activities like streaming, gaming and accessing cloud storage

Read more

What’s the difference between hardware, firmware and software?

Read more