Atlanta-based Equifax hit with massive data breach

Atlanta-based credit reporting and technology company Equifax said Thursday a “cyber security incident” may have exposed to criminals the personal information, including Social Security numbers, of 143 million U.S. consumers.

The personal information said to have been accessed — also including, names, birth dates and addresses — is some of the most sensitive possible, and could leave consumers vulnerable to identity theft and financial fraud for years, experts said. Personal identity information can be used over and over and fetch high prices among criminals.

Cyber thieves have hacked a number of high-profile targets in recent years, including payment systems at Home Depot, the accounts of a half-billion Yahoo users and even taxpayer data held by the Internal Revenue Service.

But what was accessed by hackers this time — what amounts to half of the adult population of the U.S. — is far more expansive.

“The sensitivity of the information is particularly significant,” said Beth Givens, executive director of Privacy Rights Clearinghouse in California. “Just all in all, the data elements that have been compromised collectively are extremely useful to ID thieves and other types of crooks.”

Equifax said driver’s license numbers might also have been exposed in some cases, along with credit card numbers of about 209,000 Americans and “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.” The unauthorized access also compromised some personal information for an undisclosed number of residents of the United Kingdom and Canada, Equifax said.

In a short video posted on a specially created website for the breach, Equifax Chairman and CEO Rick Smith said the breach “strikes at the core of who we are and what we do.”

“I deeply regret this incident and I apologize to every affected consumer and all of our partners,” he said. “We all know that the threats to data security are growing by the day. And while we’ve made significant investments in cybersecurity, we have more to do and we will.”

Equifax provides a range of service, but Smith said in the video the review “found no evidence of unauthorized activity on our core credit reporting databases.”

Unauthorized access to the information occurred from mid-May to July, the company said, and was discovered by the company on July 29. Equifax engaged an outside cybersecurity firm to investigate, the company said, and conduct a forensic review. That review, which the company described as “substantially complete,” is expected to be finished in a manner of weeks.

Equifax reported the cyber-attack to law enforcement and said the company is cooperating with authorities and regulators.

Equifax gave few details about how the data was accessed and whether it was their own operations that were breached or those of an outside vendor. The company said only that “criminals exploited a U.S. website application vulnerability to gain access to certain files.”

An Equifax spokeswoman declined to provide further comment.

Givens said it is a dispiriting irony that Equifax is one of the three major credit reporting companies and offers services to protect consumers’ identities. The company holds enormous caches of information about every American and people across the globe.

“This is a terribly depressing message, but I think that people just need to assume that their personal data and their financial data is compromised all the time,” privacy rights advocate Givens said. “That’s why it’s so important to obtain three credit reports each year, keep track of financial accounts on a regular basis.”

Channel 2 Consumer Advisor Clark Howard called the breach the worst in the modern era.

“This is as bad and as thorough as any data breach I can ever recall,” Howard said. “This is very disturbing to me that this happened in July and it has been kept a secret from us since that time.”

Equifax is best known for its credit reporting business, but the company is much larger today after a string of acquisitions.

Banks use Equifax’s data and services to verify who you are and whether or not a consumer is credit worthy.

Equifax businesses include Talx, which helps employers file unemployment claims and screens hires for companies, IXI, a wealth information database, and Anakam, a technology company that provides unique identity security products and contracts with the government and health care companies.

Equifax said it manages and analyzes data for more than 820 million consumers and 91 million businesses worldwide and operates in 24 counties.

The company reported $856.7 million in revenue in the second quarter of 2017, up 6 percent from the same period a year ago. Net income was $165.4 million in the quarter ended June 30.

The company has set up a website,, for additional information and to access credit monitoring and identity theft protection services.

Equifax said it would provide a free one-year package of credit monitoring and ID protection, which CEO Smith called an unprecedented step.

But Howard said consumers should consider a credit freeze.

A freeze prevents new lines of credit from being created in a consumer’s name.

“Any other step will not help you in a breach this thorough,” he said.

Staff writer Russell Grantham contributed to this report.


Notable hacks in recent history

Data breaches by hackers or through bureaucratic mistakes have been an all-too-frequent event in which the personal information of millions of people have ended up compromised or in thieves’ hands.

Here’s a listing of some of the more recent cases:

September 2016: Yahoo discloses that half billion users’ accounts have been compromised in cyber attacks dating back to 2014.

March 2016: Los Angeles hospital chain MedStar discloses that it paid hackers $17,000 to regain control of its computer system containing the records of nearly 80 million people maintained by the health insurer Anthem.

November 2015: Georgia Secretary of State Brian Kemp acknowledges that the agency illegally disclosed the Social Security numbers and other private information of more than 6 million registered voters to a dozen organizations that subscribe to voter lists.

August 2015: Medical Informatics Engineering, an Indiana medical software company, disclosed that hackers got private information of 3.9 million people nationwide.

June 2015: Hackers linked to China appear to have gained access to sensitive background information on up to 14 million U.S. intelligence and military personnel submitted for security clearances, according to several U.S. officials.

February 2015: Anthem, the nation’s second-largest health insurer and parent company of Blue Cross-Blue Shield of Georgia, suffered a data breach in which as many as 80 millioncustomers may have had their account information and Social Security numbers stolen.

December 2014: Hackers believed to be linked to North Korea breached Sony’s email systems, got employee data and put several as-yet-unreleased films on the Internet.

November 2014: The U.S. Postal Service disclosed a major data theft that “potentially compromised” databases containing postal employees’ names, birth dates, addresses and Social Security numbers.

September 2014: Home Depot confirms that hackers got more than 50 million credit or debit card numbers from its payment systems.

January 2014: Coca-Cola discloses that least 74,000 current and former Coca-Cola employees may have been compromised after company laptops were stolen, including Social Security numbers for about 18,000 people.

January 2014: Nieman Marcus discloses that hackers got account information on 1.1 million credit and debit cards.

January 2014: Target discloses that thieves got personal information on 70 million people in late 2013, on top of an earlier disclosure that hackers also got debit and credit card information on up to 40 million shoppers.

—Russell Grantham

Resources for consumers

Equifax said it would provide a free one-year package of credit monitoring and ID protection services:

Privacy Rights Clearinghouse:

Federal Trade Commission:

Reader Comments ...

Next Up in Business

Business stories of the week: Amazon, 2018 priorities, Phipps Plaza
Business stories of the week: Amazon, 2018 priorities, Phipps Plaza

The week had no shortage of business headlines among Atlanta area companies – or perhaps companies that want to become Atlanta area companies. From the Amazon second headquarters search to major development projects, here are some of the big business headlines you might have missed from the past week. Georgia and Atlanta area economic development...
More job cuts coming to Atlanta as part of Coca-Cola restructuring
More job cuts coming to Atlanta as part of Coca-Cola restructuring

Atlanta-based Coca-Cola plans to cut an additional 179 jobs in its hometown as part of a broader restructuring the beverage giant announced earlier this year. In filings with the Georgia Department of Economic Development’s Workforce Division, Coke identified layoffs at three corporate offices in the city effective by the end of December...
Atlanta’s Phipps Plaza makeover plan shifts into overdrive
Atlanta’s Phipps Plaza makeover plan shifts into overdrive

The reinvention of Phipps Plaza into a mixed-use entertainment and shopping complex has been in the works for more than a decade. But the announcement Tuesday of a $200 million-plus expansion, including a flagship Nobu hotel and restaurant, will take that the makeover to a new level, officials with mall owner Simon hope. In Nobu, Phipps will add...
4 of the best ways to turn your home into a cash cow
4 of the best ways to turn your home into a cash cow

Your house is a large expense with many associated costs like a mortgage payment, insurance, maintenance and more. It provides a roof over your head, of course, but since it usually costs you money each month, why not put it to work for you and earn some cash in the process? The following are four ways your house can make you money: If you're planning...
6 things to know about working for Uber
6 things to know about working for Uber

Uber has been making headlines in recent months for everything from a new CEO to industry regulation. But if you want to work as a driver for the service that revolutionized the taxi-transport industry, there is more important information about Uber you'll want to check out. Here are six things you need to know about Uber before working for them...
More Stories