According to the company’s statement, the cybersecurity breach started in May of this year and continued until it was discovered on July 29. While criminals did not appear to have accessed what Equifax describes as “core consumer or commercial credit reporting databases,” which help in the generating of credit scores, some pretty important personal information was accessed. According to the company, criminals were able to access the social security numbers, birth dates, and addresses for a massive—but as yet unspecified—number of U.S. consumers. The hack also included credit card numbers for more than 200,000 Americans and documentation related to disputes, which contain personal and identifying information, for some 180,000 Americans. On top of that, financial disclosures show that three top Equifax executives sold $1.8 million worth of company stock in the days after the breach was discovered, according to Bloomberg.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said the company’s CEO Richard F. Smith in a statement. Equifax declined to comment further.
This breach comes on the heels of a recent finding by the Consumer Financial Protection Bureau, the government agency responsible for monitoring and regulating the financial industry, that Equifax had been deceiving American consumers, signing them up for costly products without their knowledge, misrepresenting credit scores, and violating the Fair Credit Reporting Act. At the start of 2017, Equifax, along with another credit reporting agency, Transunion, were ordered to pay $23 million in fines and restitution by the CFPB. The credit-reporting industry is controlled largely by three companies: Equifax, Experian, and Transunion. Their culling and dissemination of financial data is what allows—or prevents—people from being able to buy or rent houses, get auto loans, have credit cards, and a host of other everyday necessities.
The Equifax breach, in its size, duration, and scope, is more than an unfortunate mishap. Part of the tragedy in all of this is that, those whose information has been compromised never asked to have their information collected in the first place—all major credit reporting agencies receive data directly from a host of financial companies, such as banks and credit card companies, in order to build credit reports. For Americans who want to protect their personal financial information, there is no way, in our current system, to do so.