Around 143 million US customers of credit reporting firm Equifax may have had information compromised as part of a cyber security breach.

Information compromised may include social security numbers, addresses, and birth dates. Some UK and Canadian customers were also affected by the Equifax breach.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

The hackers also accessed credit card numbers for about 209,000 consumers.

Equifax stated hackers accessed the information between mid-May and the end of July, which was when the breach was discovered.

Hackers won access to the systems by exploiting a “website application vulnerability”.

“I apologise to consumers and our business customers for the concern and frustration this causes,” said Richard Smith, Equifax chairman and chief executive.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

Commenting on the Equifax breach, Chris Morales, head of security analytics at Vectra, said: “Equifax needs to raise their cybersecurity score. Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.

“The cyber attackers gained a foothold by seemingly exploiting a web application vulnerability. From there, they most likely escalated privileges, abused credentials and admin protocols, moving laterally through the network, which businesses rarely have the necessary tools to detect.”

Joe Hancock, Cyber Security Lead at Mishcon de Reya, said: “The Equifax breach could affect as many 143 million records but the fact that this is still considered a ‘potential’ breach demonstrates how hard it is to understand the full extent of the loss. It’s clear that Equifax weren’t prepared for this kind of event, even though it is alleged the breach was detected in June.”