Equifax hacked – On September 7th and again February 20, 2020, Equifax, one of the oldest and largest consumer credit reporting companies, announced it had been the victim of a massive cyberattack again. They claim the breach was only discovered at the end of July – but why it was only publicly disclosed over a few months later is unknown.
They have since confirmed that very sensitive information of approximately 100,000 Canadians were ‘exposed’ in the attack – and who now have to worry about identity theft. Although the numbers are but a drop in the bucket compared to the 143 million Americans and an estimated 400,000 up to 44 million British whose information may have also been breached, Canadians still have serious cause for concern.
The Canadian breach may have impacted names, addresses and social insurance numbers, PIN numbers and possibly even credit card numbers, along with other personal information. As well, the Canadian Automobile Association (CAA) has been notifying approximately 10,000 of their members who participate in their identity protection program, it is possible some of their sensitive data may have been compromised – as it was stored with Equifax USA.
What is even more worrisome is that Equifax has not been completely forthcoming in this whole fiasco and there has been widespread criticism about their actions.
In fact, these attacks could have started as early as this past spring. Bloomberg News reported that Equifax had been the victim of a ‘major breach of its computer systems’ in March 2017 and had only notified a small number of ‘outsiders and banking customers’ about it – and the same party who carried it out, may very well be the same who breached their systems again in May.
Also disconcerting in the report, is that ‘three Equifax executives sold $1.8 million of their personal holdings of company shares, days after Equifax discovered the breach’. The company claims the executives, including the chief financial officer John Gamble, ‘had no knowledge that an intrusion had occurred at the time they sold their shares’. In the meantime, it was also reported that the US Justice Department had opened an investigation to determine whether or not insider trading laws had been violated. The company is also facing investigations in Canada and class actions suits have been filed here and in the US.
To further shake your trust in how it is being handled, when the announcement was made Equifax first put up a link to a website for those who wanted to find out if they were victims of the breach. Security experts found that the website had many traits in common with a phishing website. For one, it was not hosted on a domain registered to Equifax and those who went to the site to learn if their personal information had been compromised needed to provide a last name and six digits of their social security number – and security experts concluded the information returned from the search was apparently just random results, not accurate information.
The cyberattack on Equifax could end up proving to be the worst ever seen, because of the amount of extremely sensitive data now in the hands of criminal hackers – which should only be used by banks, insurance companies and other businesses to confirm information on their clients and consumers.
Much has not yet been made clear, but waiting to find out if you have or can become a victim of identity theft could prove to make things far more challenging. If you ever had to replace a lost driver’s license or medicare card, you understand what a daunting task it could be – never mind having to replace stolen credit cards and social insurance numbers as well.
In the meantime, it is highly suggested to monitor your credit cards and bank accounts for unauthorized transactions, report any signs of theft to your bank.
Other articles from mtltimes.ca – totimes.ca – otttimes.ca