143m affected in hack of US credit agency

[WASHINGTON] US credit reporting agency Equifax said Thursday its computer systems were hit by hackers, potentially affecting 143 million US customers as well as some data for British and Canadian residents.

The company, which safeguards financial data for consumers applying for credit, said in a statement it learned of the breach on July 29 and "acted immediately" with the assistance of an independent cybersecurity firm to assess the impact.

"Criminals exploited a US website application vulnerability to gain access to certain files," the statement said.

"Based on the company's investigation, the unauthorised access occurred from mid-May through July 2017."

Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers from the database, potentially opening up the victims to identity theft.

The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.

Equifax said it would work with British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added that it "found no evidence that personal information of consumers in any other country has been impacted." "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said company chairman and chief executive Richard Smith.

"I apologise to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."

Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and identity theft protection to customers.

The company is the latest to announce a major breach. Yahoo last year disclosed two separate cyber attacks which affected as many as one billion accounts.

More than 400 million accounts were affected by a breach disclosed last year at the hookup site Adult Friend Finder, and other firms affected in recent years included Heartland Payment Systems and retail giant Target.

AFP