Security breach at Equifax

A security breach at Equifax could have exposed sensitive information of 143 million Americans.

Equifax supplies credit information and provides other information services.

Background

Equifax Inc. is a consumer credit reporting agency in the United States. It was founded in 1899 and it is one of the largest credit agencies in America. A global service provider, it has employees in over 14 countries. It’s annual revenue as reported in 2014 was approximately US $2.7 billion.

The company collates and maintains information of 88 million businesses worldwide as well as 800 million consumers. Twice in the company’s history, it has been fined for violating the Fair Credit Reporting Act by the Federal Trade Commission.

In 2016, Yahoo announced that nearly one billion accounts were exposed as a result of a similar breach. In June 2017, the voter data of close to 200 million Americans were leaked accidentally by a political firm.

Analysis

On September 2017, it announced that a large-scale data breach had taken place in the company. It stated that an unauthorized third party was able to gain access to Equifax data on as many as 143 million Americans. This is nearly half the population of America. The Census Bureau estimates that there are 324 million people in America in 2017.

According to Equifax, the breach occurred sometime around July 29^th, 2017. In a statement the company said, “Criminals exploited a U.S. website application vulnerability to gain access to certain files.” In total, the data that was breached included names of people as well as their birth dates, Social Security numbers and addressed. 209,000 credits cards were obtained and the driver’s license numbers of some of the consumers were also breached.

Chairman and Chief Executive Officer, Richard F. Smith apologized to the company’s consumers noting, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Share prices of the company fell 12% hours after the data breach was made public. According to some experts, this is one of the worst instances of data breach to have ever occurred. Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group said, “This is about as bad as it gets. If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

The company has set up a website (www.equifaxsecurity2017.com) to help consumers find out if their data has been breached.

Assessment

As we have earlier predicted, large conglomerates and governments across the world are becoming increasingly vulnerable to cyber data breaches. The security breach at Equifax affects the whole credit reporting system in the United States and will have far reaching repercussions in the months to come. We have to now seriously the risks posed by a cyber breach on Aadhaar card.