Massive Equifax data breach is even worse than originally thought

  • Massive Equifax data breach is even worse than originally thought

Massive Equifax data breach is even worse than originally thought

An additional 2.5 million consumers may have been affected by the massive data breach at Equifax, the company said in a statement Monday, bringing the new total of potentially affected consumers to a staggering 145.5 million.

Separately, an investigation by Information Security Media Group has found that Equifax's website in Australia was being used by scammers to host files tied to pirate live-streaming services for National Football League and World Cup soccer matches, among other types of content. While Equifax continues to call them "customers", the vast majority of these users were victimized by the credit company itself, seeking out and purchasing their personal info before holding it in a series of insecure web-connected locations. "Equifax was entrusted with Americans' private data and we let them down", Smith wrote.

"It is time to have identity verification procedures that match the technological age in which we live", he said.

As Ars reported on March 9, attackers were already actively exploiting the critical Apache Struts bug. Deutsche Bank AG restated a "buy" rating and issued a $160.00 price objective (up previously from $140.00) on shares of Equifax in a report on Thursday, July 27th.

"The people affected by this are not numbers in a database", Smith said. It's Equifax's policy that such security updates be made within 48 hours. But the "vulnerable versions" of the software were not identified or patched, Smith said. Additionally Smith noted that Equifax has increased its use of network segmentation to restrict access from internet facing systems to backend databases and data stores. As with all data breaches, Equifax will also incur financial losses through its responsive investigations and, likely, costs resulting from lawsuits. Mark Warner has stated that he is working on efforts to pass a data breach notification law requiring companies to notify customers about a breach within a certain narrow time frame.

Equifax has said hackers gained access to the company's systems from May 13 to July 30.

Lawmakers pressed Smith about company executives selling stock in the company after the suspicious activity had been detected.

The former CEO said hackers were able to infiltrate a software weakness in an online portal that allows consumers to dispute items on their credit report.

The massive Equifax hack just keeps getting worse.

ILLEGAL ACTIVITY WARNING: "William Blair Comments on Equifax, Inc.'s Q3 2017 Earnings (EFX)" was first posted by Dispatch Tribunal and is the property of of Dispatch Tribunal.

Equifax says fewer than 400,000 United Kingdom consumers had some of their personal information compromised, but it was more limited in scope and unlikely to lead to identity theft.

The company previously estimated that some 100,000 Canadians could have had their personal information compromised before a forensic review by cybersecurity firm Mandiant found the actual number to be much lower. The Mandiant investigation revealed that the number is significantly less, with only approximately 8,000 Canadians at risk. Also, insider Rodolfo O. Ploder sold 1,719 shares of the company's stock in a transaction dated Wednesday, August 2nd. The series of delays and failures expose a troubling lack of rigor for a company that acts as one of the world's biggest sources of consumer and commercial information.