Janina Lim – Fourth Estate Contributor
Atlanta, GA, United States (4E) – Equifax Inc. said around 2.5 million more Americans may have had their personal information accessed or stolen due to the massive security breach of the firm’s systems, bringing the total to 145.5 million people.
The firm said the company it tapped to look into the incident, Mandiant, has concluded its investigation and will unveil the results “promptly.”
The credit report company also said it would update its own notification system for people who want to check if they were among those affected by Oct. 8.
The information, stolen by a yet unknown identity, included names, Social Security numbers, birth dates and addresses.
While Equifax earlier said that up to 100,000 Canadians were potentially affected, it said the investigation only noted around 8,000 Canadian citizens affected.
Equifax’s former CEO, Richard Smith, who announced his retirement last month, admitted that “it was this unpatched vulnerability that allowed hackers to access personal identifying information.”
The former chief revealed that the first time hackers accessed sensitive information was on May 13. Between May 13 and July 30, there was evidence that the hackers continued with their activity but Equifax’s security department observed suspicious network traffic only on July 29.
Smith noted, however, that the hack ended the next day.
The suspicious activity resurfaced and was reported to him on July 31 in a conversation with the company’s chief information officer.
Smith then planned a senior leadership team meeting on August 17 where he learned that large volumes of consumer data had already been exposed to risk.
The lead member of the company’s board of directors was notified on August 22, the full board, two days later. The board met on Sept. 1 where Smith discussed the breach.
It wasn’t until Sept.7 that the company worked on a support package for consumers and then notified the public.
“To each and every person affected by this breach, I am deeply sorry that this occurred,” Smith was quoted as saying.
“Whether your personal identifying information was compromised, or you have had to deal with the uncertainty of determining whether or not your personal data may have been compromised, I sincerely apologize. The company failed to prevent sensitive information from falling into the hands of wrongdoers.”
Smith is set to face the Congress starting Tuesday.Equifax is also charged with several state and federal inquiries and numerous class-action lawsuits.
Article – All Rights Reserved.
Provided by FeedSyndicate