Share

Equifax raises breach victim number to 145.5 million

Washington - Equifax said on Monday an investigation into the massive data breach at the credit agency discovered 2.5 million additional potential victims, bringing the total to 145.5 million.

Interim chief executive Paulino do Rego Barros, made the disclosure in a statement, saying, "Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis."

The statement said the cybersecurity firm Mandiant made the new estimate after a forensic review of the incident, which is believed to be one of the worst breaches because of the sensitivity of data leaked.

The review "also has concluded that there is no evidence the attackers accessed databases located outside of the United States," the Equifax statement said.

Mandiant found that about 8 000 Canadian consumers were impacted by the hack, fewer than the initial estimate of 100 000. The company said a review of the impact on British consumers was still being analyzed.

Separately on Monday, former CEO Richard Smith said in testimony prepared for a congressional hearing that the security team at Equifax failed to patch a vulnerability in March after getting a warning about the flaw.

Smith, in a statement to a congressional committee released, offered a timeline of the cyber attack which leaked social security numbers and other sensitive data.

Smith said in prepared remarks to a House panel that the company on March 9 circulated an internal memo warning about a software flaw identified by the government's Computer Emergency Response Team (CERT).

He added that Equifax policy would have required a patch to be applied within 48 hours and that this was not done - but he could not explain why.

Equifax's information security department ran scans that should have identified any systems that were vulnerable but failed to identify any flaws in the software known as Apache Struts.

"I understand that Equifax's investigation into these issues is ongoing," he said in the statement.

"The company knows, however, that it was this unpatched vulnerability that allowed hackers to access personal identifying information."

Smith said he was notified of the breach on July 31, but was not aware "of the scope of this attack." He informed the company's lead director three weeks later, on August 22, and board meetings were held on the matter August 24 and 25.

Equifax, one of the major agencies gathering data used in credit ratings for banks, has come under fire for waiting until September 7 to publicly disclose the breach, and investigators are looking into stock sales by two senior executives in August.

Smith stepped down last week amid the investigation, while indicating he would remain in a consulting capacity during the investigation, which includes a congressional hearing on Tuesday.

Smith offered a fresh apology for the attack, saying in his statement: "As CEO I was ultimately responsible for what happened on my watch. Equifax was entrusted with Americans' private data and we let them down.

SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.2%
Rand - Pound
23.91
-0.1%
Rand - Euro
20.43
+0.2%
Rand - Aus dollar
12.34
+0.1%
Rand - Yen
0.13
-0.2%
Platinum
910.50
+1.5%
Palladium
1,011.50
+1.0%
Gold
2,221.35
+1.2%
Silver
24.87
+0.9%
Brent-ruolie
86.09
-0.2%
Top 40
68,346
+1.0%
All Share
74,536
+0.8%
Resource 10
57,251
+2.8%
Industrial 25
103,936
+0.6%
Financial 15
16,502
-0.1%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders