Equifax suffers major breach - are you affected?

By Marianne Curphey


Equifax customers should be alert for any suspicious activity related to their credit or banking details after a major data breach affected the firm in the US, security experts say.

Equifax revealed on 7 September, 2017 that hackers had accessed and stolen the personal details of 143 million Americans - as well as a limited number of UK customers.

Credit reference agencies store much information about people's credit arrangements and financial behaviour. This could involve mortgage finance, car loans and credit cards as well as personal loans and mobile phone contracts.

Equifax said the breach occurred between mid-May and July of 2017. The breached information includes names, social security numbers, dates of birth, addresses and around 209,000 credit card numbers.

The firm, whose share price in the US fell 13% on the news on 8 September, said "limited personal information" from British and Canadian residents had also been compromised. 

What can criminals do with your information?
David Morrow, founder of fraud resource website Fraudfit, says criminals were looking to harvest information from sources around the web.

They used information to create a profile of an individual, which is then sold on the Dark Web.

"The more detail you have, the better the profile that can be built up, and the higher the price it fetches," Morrow says. Depending on the level of detail and the potential net worth of the customer, these profiles are categorised as gold, silver or bronze.

Using information in Facebook, LinkedIn, or any site through which they can assemble enough information to create a profile, criminals construct a fact-file of the customer.

"A card number and date of birth might be sufficient information for a criminal to phone up, impersonate you, and get your account balance at some banks," he says.

Detailed information about customers, including the financial organisations with whom they had credit arrangements, is "precisely the kind of information that the bad guys are after," Morrow says.

What should Equifax consumers do now?
Following the announcement, the Information Commissioner's Office (ICO), the UK data watchdog, urged Equifax to inform British residents "at the earliest opportunity" if their personal information has been put at risk.

John Greenwood, executive director of security firm Compliance 3, says it's clear that Equifax had vulnerabilities that cyber criminals had exploited.

"People should consider changing their passwords and watch out for any suspicious activity," he says. "It is not yet clear what UK data is stored in the US."

The ICO is investigating the breach and says it is working with Equifax to establish the extent of the problem.  It is not yet clear how many people have been affected in the UK.

Equifax has set up a website through which consumers can read more about the breach. Equifax's consumer and commercial credit reporting databases are believed to be unaffected.

Creditcards.com contacted Equifax UK for comment, but received no response as of 8 September, 2017.

See related: What to do if your data is part of a major breach; New rules give consumers more insight about personal data; How to ensure companies truly delete your personal data

Published: 8 September 2017