The report states that no additional breaches and no additional customers were affected since the September 2017 announcement. The report filed late last week yielded more specific details: Data Element Stolen
EQUIFAX DATA BREACH ANALYSIS LICENSE
After organizing and classifying their internal databases, analysis yielded that the PII collected by the hackers include dates of birth, social security numbers (SSN), addresses, phone numbers, email addresses, driver’s license numbers, tax identification numbers, and credit card data, among others. The initial report in September 2017 estimated that the breach exposed records of 145.5 million US citizens and 15.2 million in the UK.
The image storage server where customers upload scans of documents for their online dispute portal was also hacked, which included passports and other government-issued IDs.Įquifax submitted the report at the request of the congressional committees investigating the cybersecurity incident to determine the depth and extent of the breach.
EQUIFAX DATA BREACH ANALYSIS UPDATE
No word back yet, but we’ll update this story as and when more information comes to hand.In an update from the Equifax data breach in 2017, the company reported to the Securities and Exchange Commission that while no new breaches occurred and no new customers were affected, a total of 2.4 million personally identifiable information (PII) were collected from the 2017 attack. The Daily Swig asked the FTC to offer an estimate on the number of claimants and the payouts each is likely to receive.
The settlement includes up to $425 million to help people affected by the data breach, as explained in an update from the FTC.Ī portion of this figure is earmarked to cover losses and expenses – legal and otherwise – incurred by victims of identity theft and fraud, while some will likely go towards covering credit monitoring services and the remainder going to claimants who stake their claim before a January 2020 deadline. Global settlementĮquifax has agreed to a global settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau, and 50 US states and territories. The Chinese authorities deny any involvement in the hack. The quartet – alleged members of the PLA 54th Research Institute – were served with a nine-count indictment, as detailed in a US Department of Justice statement on the case. In February 2020, US authorities unsealed an indictment charging four named members of the Chinese military with the cyber-attack. This compromised server acted as a springboard that allowed hackers to access Equifax’s internal systems before stealing credentials that allowed them to query its databases.įROM THE ARCHIVES Equifax a year on: Little has changed – at least for the billion-dollar companyĭatabase queries were stored in compressed files that were slowly and systematically siphoned off. The root cause of the attack was a critical Apache Struts vulnerability, discovered and resolved in March 2017, that was left unresolved on at least one web-facing Equifax server.Īttackers took advantage of an unpatched Apache Struts installation to hack into Equifax’s dispute resolution portal.
Subsequent computer forensics work revealed attackers had access to Equifax systems between May and July 2017, when the breach was detected and resolved. A smaller number of Canadians were also affected.Ĭatch up on the latest data breach news and analysis The breach exposed the credit card data of a smaller subset of around 209,000 victims.Īn estimated 15 million British citizens were affected by the incident, of which 694,000 had sensitive data exposed. Names, Social Security numbers, birth dates, addresses as well as driver’s license details of more than 10 million individuals were exposed after attackers used a known vulnerability to break into Equifax’s databases. Settlement includes up to $425 million to help people affected by 2017 mega breachĬredit reference agency Equifax has finalized a settlement for a 2017 data breach that affected more than 147 million US citizens and 15 million Brits.Įquifax first admitted the massive breach in September 2017.
0 kommentar(er)
