The credit reporting agency Equifax said hackers gained access to sensitive personal data — Social Security numbers, birth dates and home addresses — for up to 143 million people. The Washington Post calls it a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans’ credit histories. Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a “website application vulnerability” and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates give those who possess them the ingredients for identity fraud and other crimes.
Equifax also lost control of an unspecified number of driver’s licenses, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its “core consumer or commercial credit reporting databases.” “The type of information that has been exposed is really sensitive,” said Beth Givens of the Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego. “All in all, this has the potential to be a very harmful breach to those who are affected by it.” Equifax, based in Atlanta, is working with law enforcement on an investigation of the breach and has hired an independent cybersecurity research firm to assess the scope of the intrusion.