The Federal Trade Commission on Thursday confirmed that it is investigating a massive data breach at credit reporting giant Equifax that exposed the sensitive information of millions of Americans.
Peter Kaplan, FTC’s acting director of public affairs, said that the agency typically does not comment on ongoing investigations in a statement obtained by Politico.
“However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” Kaplan said.
Breaking: FTC confirms it is investigating the Equifax data breach. Says normally doesn't comment but recognizes "intense public interest." pic.twitter.com/4bk3JO84Xs— Eric Geller (@ericgeller) September 14, 2017
Equifax, one of America’s three major credit bureaus, said last week that a “cyber security incident” might have exposed the names, Social Security numbers, birth dates and addresses of 143 million Americans. Driver’s license numbers might have also been accessed, the company said.
The breach took place from mid-May through July 2017, according to Equifax.
Equifax set up a website to help affected consumers and keep them abreast of updates in the company’s investigation. On a frequently asked questions section of the site, Equifax officials identified the flaw that allowed hackers to access sensitive information as one flagged publicly last year.
A patch for the vulnerability, Apache Struts CVE-2017-5638, was released by The Apache Software Foundation in March, Bloomberg reported.
Sen. Mark Warner, D-Virginia, a member of the Banking, Budget and Finance committees and cofounder of the Senate Cybersecurity Caucus, on Wednesday called for an investigation into the data breach.
“The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize,” Warner wrote in a letter addressed to FTC Acting Chairwoman Maureen Ohlhausen.
He called the incident “one of the largest, and potentially most impactful, breaches in recent history.”