Equifax: 15.2 Million UK Records Exposed

Credit-reporting agency Equifax now says records exposed in the massive data breach it revealed last month included information relating to 15.2 million U.K. residents. The count of British breach victims is much higher than the business first estimated.
See Also: Addressing the Identity Risk Factor in the Age of ‘Need It Now’
The vast majority of those records – 14.5 million – contained only names and birthdates, which Equifax contends “does not introduce any significant risk to these people.”
But the remaining 700,000 records had data that may have included driver’s license numbers, email addresses, phone numbers, partial credit card numbers and sensitive information tied to online Equifax.co.uk accounts.
“Equifax apologizes unreservedly for any risks to consumers arising as a result of this criminal hack,” according to a statement issued Tuesday. “We continue to work closely with law enforcement and other agencies as well as leading external advisers to learn lessons for the future.”
No group has yet taken responsibility for stealing the Equifax data, which affected 145.5 million people U.S. consumers as well, plus some Canadians. The FBI has launched a criminal probe into the breach. But security experts do not believe the stolen data has appeared on dark web forums where this type of information would routinely surface, for sale to identity thieves.

‘Process Failure’
When Equifax first disclosed the breach on Sept. 7, it said “limited personal” information about consumers in the U.K. and Canada were also affected. Later, it estimated that data pertaining to 400,000 U.K. residents was exposed (see Equifax: Breach Exposed Data of 143 Million US Consumers).
The U.K. data ended up being stored on U.S. servers owing to a “process failure” that occurred between 2011 and 2016, at which point it was found and fixed, Equifax says. But while the data transfer stopped, a copy of this file apparently remained stored on U.S. systems, and Equifax says attackers obtained it.
“Regrettably this file contained data relating to actual consumers as well as sizeable test datasets, duplicates and spurious fields,” the company says.
Equifax earlier suspected 100,000 Canadian residents were impacted by the breach, but later revised the Canadian victim count to 8,000. Exposed information for Canadian residents included names, addresses, Social Insurance Numbers and in some instances credit card numbers.
Free Monitoring
Equifax says it will contact by post the 693,665 U.K. residents who had personal information exposed that went behind just their name and birthdate. Exposed information varies, but includes:
637,430 consumers’ phone numbers;
29,188 consumers’ driver’s license numbers;
14,961 Equifax.co.uk site membership details, which may include usernames, passwords, partial credit card details, and secret questions and answers used to reset accounts;
12,086 consumers’ email addresses, used to register with Equifax.co.uk.
For victims whose phone numbers were leaked, Equifax says it will offer them “a leading identity monitoring service for free.”
For the remaining consumers, the company is offering its own identity protection service called Equifax Protect for free. The company also plans to offer consumers other “products and services from third-party organizations” for free. Equifax didn’t immediately respond to a query about how long those services would be offered for free.
Equifax has yet to describe those services, but says they will be outlined in the mailing that affected consumers receive.
Massive Breach
安泰科技2016年完成营收5.22亿元 实现净利润4041.08万元
Equifax’s breach represents one of the largest – and for consumers, most dangerous – breaches ever recorded, and has led to sharp questions about the cybersecurity prowess of credit agencies and data brokers.
创新改变世界,市场变化多端,我们不断进行探索和提炼,找准我们的商业核心价值,而将非关键的业务支撑流程外包给商业合作伙伴,这让我们能够快速响应市场变化,专注于在高附加值的产业链条上进行专业化创新。
In addition to exposing personal data for 145.5 million U.S. individuals, Equifax’s breach exposed credit card numbers for 209,000 U.S. consumers. The breach also exposed documents related to credit disputes that U.S. consumers had filed with the company, affecting 182,000 individuals.
The breach has triggered a wave of legal and regulatory action against the company and resulted in the sudden retirement of CEO Richard Smith and departure of other senior executives, including Susan Mauldin, the former CSO.
Some critics say the breach shows that the data broker industry needs to be more tightly regulated to protect consumer data that can so easily be repurposed by fraudsters to commit identity theft.
Equifax was hacked after failing to address a known security problem. In March, hackers broke into Equifax’s systems by exploiting a software vulnerability in Apache Struts, a web application development framework used for its U.S. website infrastructure (see Equifax’s Colossal Error: Not Patching Apache Struts Flaw).
A patch for the vulnerability had been available since early March, but Equifax did not apply the patch and later system scans failed to identify the vulnerable Apache Struts software. After exploiting the flaw to hack into Equifax in March, intruders actively roamed its systems from mid-May through July 30, when Equifax detected the breach and closed the hole.
商家自建WiFi多属民用级,免费WIFI即便不是自建的钓鱼WiFi,也会被黑客用来钓鱼,菜鸟们在使用免费WIFI时,不要用个人信息登录网站系统,因为多数的网络通讯并不加密,通讯很容易被黑客截取。

猜您喜欢

Ivanti居Gartner IT服务管理工具挑战者象限行列
企业安全意识之歌
网络安全法实施宣传
捷达目前促销优惠3.4万元 热销中广告
PANAHANDEGY KNOWYOURMIDWIFE
差旅及海外安全动画视频课件,专注于提高企业海外人员的安全管理意识,突发事件的应急处理能力: