Equifax, a consumer credit reporting agency based within the United States, announced on September 7, 2017 announced a cyber security incident that could potentially impact 143 million customers.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Criminals took advantage of a “U.S. website application vulnerability to gain access to certain files” from mid-May through July of this year, Equifax said. The intruders also accessed dispute documents with personal identifying information for about 182,000 consumers.
To make things worse, this incident has been known by Equifax since July 29, and before the hack was disclosed, three executives sold shares worth almost $2 million dollars on August 1. As reported by CNN:
But according to filings with the SEC, Equifax Chief Financial Officer John Gamble sold shares worth nearly $950,000 on August 1. Joseph Loughran, Equifax’s president for U.S. information solutions, sold shares worth about $685,000 on August 1 as well. And Rodolfo Ploder, president of workforce solutions, sold stock for just more than $250,000 on August 2.
According to CNN, Equifax states that the executives “had no knowledge that an intrusion occurred” when the shares were sold.
In The News: