Equifax , one of the largest US credit reporting agencies last week suffered a massive data breach, early indications are that it has affected as many as 143 mllion US customers whilst also impacting on individuals in the UK and Canada. This attack has been further compounded by a subsequent attack in Argentina which again targeted the US.
The incident occurred between May and July this year involving the compromise of social security numbers , birth dates , addresses and driving licence details. In addition to this it is understood that the hackers managed to access 209,000 credit card numbers and other documents disclosing personal identifiable information relating to a further 182,000 customers of Equifax.
The credit reporting agency looks after the data of 44 million British customers for British Gas , BT and Capital One and it is understood that up to 400,000 may have had their details compromised during the breach.
The Breach Response
Cyber security consultants have been appointed in order to carry out a forensic investigation to try and ascertain the scope of the hackers intrusion into their systems and exactly what data has been compromised. Action Fraud in the UK have also posted guidance on their website in the event of possible fraudulent activity on UK citizens accounts following this data breach.
All customers affected have been offered credit monitoring and identity theft protection free of charge.
In the US the average per person cost of a data breach is believed to be $225 , with possibly 143 million individuals affected the financial implications of this are extremely high
It is understood that Equifax did take out cyber insurance and this will go some way to mitigate the financial costs associated with such as breach. Other insurance policies may also be able to respond in relation to this loss.
Notification to Regulatory Bodies
This cyber attack has also been reported to the relevant US law enforcement agencies, in addition to this the ICO in the UK has been alerted to assess the implications for UK citizens.
The Consequences of the Breach
Impact on Share Price
It is too early to assess the ramifications of the data breach on Equifax , however the shares of Equifax dropped nearly 9% equivalent to $3.50 billion of their share value.
A few days after the incident it has been announced that the Chief Information Officer and Chief Security Officer would be departing from the business.
What went wrong ?
It is unclear how the initial breach was caused but it is believed that the hackers exploited a vulnerability in a piece of software that could be used with Apache web server program. A patch had been issued to update the software but it appears that this may not have been updated. The more recent incident is believed, according to various reports to have resulted from an online employee tool that enabled “admin” to be utilized for both login and password which then made it possible to gain access to customers data.
The Equifax Factor
The Equifax data breach should be a warning to UK businesses that that need to have the appropriate procedures in order to manage the data that they hold ahead of the implementation of the GDPR on 25th May 2018 . Should such a data breach occur once the GDPR is in force UK citizens would be able to avail themselves of protection under this forthcoming piece of legislation.