Updates
September 19th, 2017
Update: Equifax Confirms 100,000 Canadians Potentially Affected in Massive Data Breach
September 14th, 2017
Equifax Massive Data Breach Update: What does this mean for Canadians?
September 8th, 2017
Caution to be exercised before accessing Equifax's site to check if you have been affected
What's the issue?
As well as credit reporting and scoring, Equifax Inc. is a top three leader in Identity Theft Protection. Over the years it has also provided credit monitoring services to companies that have experienced data breaches. Now, Equifax is challenged with its own massive breach.
Equifax collects information on more than 820 million consumers and 91 million businesses worldwide. It has announced that they have been involved in a cybersecurity breach that could most adversely affect 143 million US consumers, as well as Canadian and UK consumers. For US consumers, based on the company's investigation, they identified that there was unauthorized access to personal identifying information including Social Security number, date of birth, address, and driver's license. In some cases, credit card number and dispute documents were also accessed. For Canadian and UK residents, Equifax has also identified a breach to more limited personal information. Equifax did not disclose what specific data were accessed, but did say they are working with Canadian and UK regulators to determine appropriate next steps.
Equifax first discovered the breach on July 29th but the investigation indicates the breach occurred from mid-May to July. The company reported the incident to law enforcement and hired an independent cybersecurity firm to lead a forensic investigation and to provide recommendations to their data security to prevent another incident like this from happening again. The company has not disclosed how the breach occurred but states that their investigation is ongoing.
What should I do?
Everyone should be on alert for an increase in phishing scam attempts crafted with more detailed and accurate information than usual. In addition closely monitor bank, credit card and other financial account activity is advised.
Equifax is offering their TrustedID Premier credit file monitoring and identity theft protection free to all US consumers for one year. We expect this will be extended to Canadian and UK consumers at some point. Equifax will also be informing consumers via direct mail to those whose credit card number or dispute documents were breached.
Equifax has also set up a dedicated website to help identify if you have been affected by this breach. The Washington Post, however, has reported this morning that consumers and businesses should beware that the Terms of Use accessing the site to see if you have been a victim may affect your rights to participate in subsequent litigation against Equifax. This is a highly unusual development and condition of accessing the site. Brian Krebs of Krebs on Security also has users reporting that after entering identifying data on the site, which we do not recommend at this time, the site does not actually confirm whether you were a victim but subscribes you to their free credit monitoring being offered. The site address is www.equifaxsecurity2017.com/potential-impact, but given these developments we do not recommend you access it until their investigation is complete.
As this is a breach of significant magnitude, we will monitor developments and issue follow-up NPC Security alerts as warranted.
For more information be sure to check Equifax's dedicated website to this data breach at www.equifaxsecurity2017.com.
Sources:
Krebs on Security - Breach at Equifax May Impact 143M Americans
The Toronto Star - Canadians among 143 million people affected in Equifax hack
The Washington Post - By signing up on Equifax's help site, you risk giving up your legal rights