The massive Equifax data breach, which could affect up to 143 million consumers in the U.S., has thrust data privacy into the spotlight once again.
Equifax confirmed the “cybersecurity incident” Thursday, noting that criminals exploited a U.S. website application vulnerability to gain access to certain files. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, according to the credit reporting company.
Credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers were also accessed in the attack.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Equifax CEO Richard F. Smith, in a statement.
Security experts say that the full impact of the breach may not become apparent for some time. “At this stage it’s difficult to determine the severity of the breach, but the scale is significant,” explained Leigh-Anne Galloway, cyber security resilience lead at security specialist Positive Technologies, in a email to Fox News. “Attackers could potentially target high-value individuals with good credit ratings to borrow money fraudulently, or use that as a basis to assess the value of the stored card data.”
Security expert Graham Cluley also highlighted the seriousness of the breach, pointing to the sensitive information accessed. “This is why it’s so serious when companies lose your personal identifiable information,” he wrote, in a blog post. “A password you can change, your personal details are probably going to always be the same – whether you like it or not.”
Equifax has set up a dedicated website to help consumers find out if their information has been impacted by the breach and to sign up for credit file monitoring and identity theft protection. Consumers, however, have to provide Equifax with their last name and the last six digits of their social security number to use the service.
Bill Mann, chief product officer at identity management specialist Centrify, noted that Equifax shares dipped 5 percent when news of the breach emerged. “The long-term impact will likely be greater, as this breach impacts millions of consumers who trust Equifax with their most personal information, and trust is at the core of their business,” he said, in a statement emailed to Fox News. “Based on its severity and the sheer numbers involved, a breach like this will displace consumer trust, and potentially wipe out additional value quickly.”
Equifax shares were down more than 15 percent in early trading Friday.
“It will take months or years for Equifax to recover – from both the impact on its stock and on consumers’ trust – and no doubt they’ll be learning from this for years,” added Ray Rothrock, CEO and Chairman of cybersecurity analytics specialist RedSeal, in a statement emailed to Fox News.
Equifax said Thursday that three executives at the firm who sold stock just after the discovery of the data breach were not aware of the incident at the time of the sale. The trio sold $1.8 million in stock, according to Bloomberg, which first reported the findings.
The Equifax incident is the latest in a string of high-profile data breaches. Last year, for example, Yahoo! confirmed that more than one billion customer accounts have been compromised in a massive data breach.
“The unfortunate Equifax breach is just another embodiment of the threat environment that organizations face every day – this is the new normal,” Dr. Richard Ford, chief scientist at security software specialist Forcepoint, wrote in an email to Fox News. “The rise of large scale data collection and aggregation has placed considerable pressure on organizations to preserve privacy while leveraging data for legitimate business purposes. The more sensitive the data the greater the liabilities caused by a breach.”
“Equifax’s breach is yet another data point (albeit a massive one) in the new reality of ‘continuously compromised’ organizations,” added Anthony Di Bello, senior director of products at Guidance Software. “Make no mistake about it: these breaches will continue to happen and make headlines.”
Research recently released by Guidance Software found that one in four businesses suffered direct financial losses due to a cyber attack in the past year. The survey of 330 IT professionals in North America found that almost two-thirds had fallen victim
to malware-related breaches.
In its statement, Equifax said that it has engaged an independent cybersecurity firm to conduct an assessment and provide recommendations on how to avoid another data breach incident.
Follow James Rogers on Twitter @jamesjrogers