Credit reporting agency Equifax says cyber criminals exploited a website vulnerability to access confidential information, affecting as many as 143 million Americans and an undisclosed number of people in Canada and the United Kingdom.
Equifax disclosed in a statement on Thursday afternoon that criminals exploited a vulnerability on a U.S. website to gain access to certain files from mid-May through July. The agency’s core databases are not believed to have been affected.
According to the company, the criminals primarily accessed information such as names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. They also accessed credit card numbers for 209,000 Americans and dispute documents with personal identifying information for 182,000 Americans.
In addition to consumers in the United States, the investigation also revealed that the cyber criminals gained access to “limited personal information” for people in Canada and the United Kingdom. The company did not immediately disclosed how many people in the UK and Canada were affected or which information was accessed.
The cyber security breach was discovered on July 29 but not publicly disclosed until Thursday.
Filings from the U.S. Securities and Exchange Commission (SEC) showed that three Equifax executives – Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran – sold $1.8 million in shares just 3 days after the breach was discovered.
None of the filings indicate that they were part of 10b5-1 pre-scheduled trading plans, according to the Bloomberg news agency. It was not immediately known whether the executives were aware of the data breach when they decided to sell the shares, but Thursday’s announcement caused Equifax shares to fall more than 13 percent in after-hours trading.
With at least 143 million people affected, it makes it one of the largest cyber security breaches ever reported, affecting nearly half of the U.S. population. Only three other data breaches are known to have affected a larger number of users.
(Copyright 2017 by BNO News B.V. All rights reserved. Info: firstname.lastname@example.org.)