A major American credit reporting agency entrusted to safeguard personal financial information on Friday said hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.
Equifax said that a hack it learnt about on July 29 had the potential to affect 143 million US customers, and involved some data for British and Canadian residents.
The Atlanta-based company disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft.
Filings with the US Securities and Exchange Commission (SEC) showed that three high-ranking Equifax executives sold shares worth almost $1.8 million in the days after the hack was discovered.
An Equifax spokesperson said the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”
Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters. It also touts a service protecting against identity theft.
“The fact that it is a credit company that people pay to be protected from breaches, and now they have been breached...it feels like a betrayal of trust to a point,” said Aires Security chief executive Brian Markus, whose firm specialises in computer network defenses.
He considered the breach “gigantic,” made worse by the fact that Equifax stores extensive personal information about people and keeps it up to date.
Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers from the database, potentially opening up victims to identity theft.
The company said credit card numbers were compromised for some 2,09,000 US consumers, as were credit dispute documents for 1,82,000 people.