LEAKED: Worst Data Hack in US History Gets Worse

LEAKED: Worst Data Hack in US History Gets Worse by Wolf Richter – Wolf Street

What else has Equifax not disclosed yet?

The Equifax hack just keeps getting worse. The first revelations were made on September 7, that Equifax had discovered on July 29 that it had been hacked sometime between “mid-May through July,” and that the crown jewels of consumer data, including Social Security numbers, on 143 million US consumers was stolen. The tally has since been raised to 145.5 million consumers. In terms of quantity and sensitivity, it was the worst consumer data hack in US history.

“In some instances” driver’s license data were also stolen, the company disclosed at the time. Driver’s license data includes license number, name, address, data of birth, and basic physical features of the person. This is important and valuable data for identity thieves and other fraudsters and fills in some gaps in the other data that had been stolen.

But without telling consumers, Equifax went around and told its customers – mainly banks and credit card companies – that the tally of driver’s license data that had also been stolen, previously minimized with the phrase “in some instances,” amounted to driver’s licences of 10.9 million consumers.

This wasn’t an announcement disclosed by the company in a vapid and robotically apologetic press release, but was leaked by “people familiar with the matter,” and reported today by the Wall Street Journal.

The fact that consumers whose DL data had been stolen and who’d become more vulnerable to some fraud didn’t need to be informed about it fortifies the simple fact that, for Equifax, consumers are just the lowly product – and dealing with that product is just an expense.

How did Equifax even get this driver’s license data in the first place?

In many cases, Equifax asked consumers for their driver’s license number when they contacted the company, claiming it was needed to verify their identity. In other cases, Equifax asked for the DL number at its website set up to resolve credit-report discrepancies. The Wall Street Journal:

The dispute-resolution page appears to have been at least one avenue hackers used to access the company’s systems. This was done by hackers exploiting a security vulnerability in software that ran on the dispute portal’s web application.

Continue Reading / Wolf Street>>>

Sharing is caring!

Author Image

Wolf Richter

In his cynical, tongue-in-cheek manner, he muses on WOLF STREET about economic, business, and financial issues, Wall Street shenanigans, complex entanglements, and other things, debacles, and opportunities that catch his eye in the US, Europe, Japan, and occasionally China. WOLF STREET is the successor to his first platform… TP-Title-7-small-200px …whose ghastly name he finally abandoned in July 2014. Here’s the story on that. Wolf lives in San Francisco. He has over twenty years of C-level operations experience, including turnarounds and a VC-funded startup. He earned his BA and MBA in Texas and his MA in Oklahoma, worked in both states for years, including a decade as General Manager and COO of a large Ford dealership and its subsidiaries. But one day, he quit and went to France for seven weeks to open himself up to new possibilities, which degenerated into a life-altering three-year journey across 100 countries on all continents, much of it overland. And it almost swallowed him up.