Equifax is one of the top credit reporting agencies in the U.S. with millions of clients from around the U.S. However, the organization faced some serious data breach issues back in 2017. It not only impacted the nation but was also covered in the international media. Let us take a quick look at the Equifax Data breach in 2017.
The Equifax Data Breach: Background
Equifax is one of the leading credit bureaus in the US. It is a Credit Reporting Agency (CRA), whose job is to create reports for credit information for individuals that provide them. This includes all kinds of credit history, ranging from their credit cards to their loans.
The interesting part is that the CRAs do not collect information from the owners, but from the business providers directly. This can include some of the following sources
- Credit Card Companies
- Landlords, Etc.
So, when someone needs a loan, the creditors can pull a report from a reliable CRA, and check complete information. The lenders will likely provide the applicant with the loan if their CRA report supports the owner. Therefore, it is safe to say that these CRA reports play a vital role in owners’ lives.
The 2017 Equifax Data Breach
Equifax announced a data breach on September 7th, which shocked millions across the U.S. It is because the data breach compromised information for nearly 143 million citizens in the U.S., putting data worth millions at risk.
The bigger problem was that the data breach also impacted several people in Canada and UK too. However, Equifax did not provide an exact number of the international victims of this data breach. The company further explained that this unauthorized data breach occurred during May and July 2017.
However, the most interesting thing about this was how the hackers accessed data. They accessed Equifax’s online dispute portal in the U.S. This not only exposed tons of data but also put the following information at risk:
- Birth Date
- Driver’s License Number
- Social Security Number
How Did Hackers do it?
Nearly 2 days later on March 9, 2017, Equifax received an email suggesting they install a patch to avoid the reoccurrence of these cases. These patches ran tests and identified potentially vulnerable systems.
However, Equifax did not apply the patch until July 19th, 2017. They only did this when they identified suspicious activity on their network.
What Did Equifax Do?
Equifax started taking its cybersecurity much more seriously when the suspicious activity did not stop, so they had to take their web application down for some time. This first step aimed to reduce the chances of further data compromises until the situation is resolved.
Equifax then hired a cybersecurity team three days later and conducted the required research. This research primarily included forensics, which revealed that around 2.5 million U.S. consumers were also at risk of a data breach. This totaled the number of victims in the U.S. to around 145 million.
The same announcement highlighted some dangerous news for Canadian users as well. It claimed that nearly 8,000 Canadian user data was also compromised. Equifax wanted to take things to the next level, so it conducted research for its UK market as well.
The results of the UK market research were not published right away; however, later reports indicated that nearly 693,665 UK citizens’ data faced breach.
To help counter this issue, Equifax took some simple yet effective steps, which included the following
- They created a separate, secure domain name as www.equifaxsecurity2017.com
- This allowed the site to be flagged as a phishing attempt on internet browsers.
- Interestingly, developer Nick Sweeting bought the domain name to show Equifax the impact of phishing sites.
- Customers that contacted Equifax right after the breach were requested to change their account PIN details.
Equifax faced a major drawback in 2017; with its historic data breach that put millions of U.S. citizens at risk. However, it has refocused on infrastructure security, and plenty of other elements, making it a secure CRA site in the U.S.