Included in the data are names, Social Security numbers, birthdates, addresses, credit ratings, and credit card info. In short, it’s a treasure trove for identity thieves, and Equifax has kept in under wraps since July. Equifax says it took steps to stop the intrusion on July 29th, before hiring a security firm to assess the damage. Law enforcement has also been notified, but it’s still unclear exactly what was stolen. It’s thought that the hack also affects users outside of the U.S., in the UK and Canada. The company has set up a website, Equifax Security 2017, where you can see if you’re a victim.
It’s also encouraging users to sign up for TrustedID, it’s own identity theft prevention system. However, this has caused contention with some users, who note its terms and conditions waive their right to sue Equifax. They also say the security website enrolled them in TrustedID unwillingly.
Managers Sell Stock Before Breach Reveal
Meanwhile, its managers are under fire for selling stock before the hack was revealed. Almost $1.8 million was sold three days after the breach was discovered. Equifax holds that the trio did not know about the breach at the time. Following the announcement, shares fell 13% during extended trading. The managers in question include Chief Financial Officer John Gamble, sold shares worth $946,374. Spokeswoman Ines Gutzmer says this was “a small percentage of their Equifax shares.” While the breach doesn’t have the volume of Yahoo’s 1 billion user hack, it does contain more sensitive data. Moreover, users may not realise they’re affected. “Given that financial institutions, including credit card companies, banks, credit unions, retailers and lenders report the details of credit activity to Equifax, the 143 million consumers affected may not even be aware the company has this information on them,” explained Theresa Payton, CEO of security company Fortalice Solutions.