Massive Data Breach At Equifax: As Many As 143 Million Social Security Numbers Hacked

Tyler Durden's picture

Credit-reporting company Equifax shocked investors, and more than a third of America, when it announced on Thursday afternoon that hackers had breached its data systems, compromising the personal information of approximately 143 million U.S. consumers. The information accessed "primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." In other words, pretty much everything that should have been hidden behind an n-number of firewalls, is now available to the dark net's highest bidder. 

The company, which in delightful irony offers credit-monitoring and identity-theft protection products to "guard consumers’ personal information", said that it had learned of the incident on July 29, 2017, at which point it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review: based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Oddly enough, it took shareholders and over a third of America, more than a month longer to learn that all their personal data may have been compromised.

As if 143 million leaked social security numbers wasn't enough, Equifax said that criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers. But wait, there's more: the company also identified unauthorized access to limited personal information for certain UK and Canadian residents.

The good news, is that according to Equifax, "this issue has been contained." The bad news is that, well, as many as 143 million social security numbers have been hacked. So no, it's not contained.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in prepared remarks. “I apologize to consumers and our business customers for the concern and frustration this causes.”

In a Q&A posted on the company's website, the management team revealed what's really important with the following question and answer:

Does this cybersecurity incident impact your capital allocation priorities going forward?

 

Our capital allocation priorities are unchanged at this time. As we have previously indicated, our investment
priorities in order of importance are: (1) internal investment; (2) dividends; (3) acquisition; and (4) share
repurchase. We do, however, expect to increase our capital spending in an effort to further accelerate IT
infrastructure, systems and data security and resiliency improvement actions
.

Oh, good, because a hack involving 143 million SSNs is one of those cases where capex probably should have taken precedence over stock buybacks.  Don't worry though, because as it explains in the same quesionnaire, "Equifax remains committed to delivering on the long term financial model of 7-10% revenue growth and 11%- 14% growth in Adjusted EPS on average over a business cycle. Equifax’s long term financial model reflects our continuing fundamental ability to utilize our unique and differentiated data assets and leading analytical capability to deliver high value products and services to our customers."

Uhm, after this... what customers?

After falling as much as 12% in the after hours, EFX stock stabilized... then fell as much as 19%.

And now the best news: with Putin clearly behind this hack - as "all 17 intelligence agencies", WaPo and NYT will shortly "confirm" - the US economy is about to undergo a renaissance as hundreds of millions of (unsolicited) purchases prompt a golden age for US retailers while sending Amazon market cap into the $1 trillions...  even if the shipping address for said purchases happen to be small, frigid villages deep in the Russian taiga.

Full statement from Equifax here.

Update:

In appears there was a reason why EFX decided to hold on to the hacking news a little longer than seems reasonable. As Bloomberg reports, "three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers."

The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans.

Surely, it was all purely a coincidence, even though had they waited until today, their proceeds would be well over 10% lower...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
813kml's picture

I didn't take out that loan, DEBT JUBILEE!!!

Croesus's picture

Cue class action suit in 3, 2, 1...

prefan4200's picture

So based on a US population of 300 million, about half of us have now had our identities stolen. Fucking fabulous. How much more stupid can this daily shit-show get?

knukles's picture

So, they hit The El Dorado of personal information

And you think this is bad?  Just you wait for digital coin of the realm
CA and DC could genuinely fuck up a gold rush

GUS100CORRINA's picture

My response: Unbelievable!!! When it rains, it pours. More bad news for America.

N2OJoe's picture

So half the country has had our SSN stolen. Maybe it's time to go out and get some Unsecured loans before it's too late?

MillionDollarButter's picture

They shouldn't be able to get out of this by offering 12 months of:

"Equifax ID Patrol™

$16.95 / month

Equifax ID Patrol provides 3-Bureau credit file monitoring1. If you see unusual activity, you have the power to lock and unlock your Equifax credit file online – helping better protect your identity and monitor the credit you’ve worked hard to earn."

It needs to be lifetime free, and provided by a third party.

Pure Evil's picture

Whoop de do. So you can lock/unlock your Equifart credit report. What about the other two credit information selling whores TransUnion and Experian?

tmosley's picture

Blockchain can be used to create immutable identities onine.

The peanut gallery REALLY won't like that one!

CheapBastard's picture

And remember the "data breach" at gubmint offices where millions of those numbers were hacked.

I won't get into targets data breach of 45 million if I remember correctly and they sat on it fo rmonths before notifying cusotmers.

Odd, they're quick to enforce Obama's Tranny-Pedo bathroom policies, but slow on trivial matters like all your fucking personal data stolen!

ThaBigPerm's picture

Breaking that the execs dumped their stock before making the announcement.....

aurum4040's picture

Imagine that, another accurate, true blockchain statement downvoted by the crypto ignoramuses. For the uninitiated - Monero (XMR) excels in the  fully obfuscated/untraceable and immutable categories. Perhaps Equifax needs a little XMR in their lives? Perhaps Monero or another Crypto simply displaces the big 3? And this would be small peanuts in comparison to the crypto possibility/probability pie.

https://hbr.org/2017/03/blockchain-will-help-us-prove-our-identities-in-...

MillionDollarButter's picture

Companies that have had a data breach have typically offered identity theft monitoring.  I bought stuff at Target, which is why I had Equifax in the first place.  It was free for a couple of months.  Now Equifux is touting for business with their new "crisis".  They have means, motive, and opportunity.  They should be the primary suspects in this breach.

YUNOSELL's picture

I never considered this solution to the Social Security problem, but this is actually a very creative, ingenious way for the government to default on the massively underfunded Social Security -- Blame Russian hackers!!!

Arnold's picture

You are dementented.
I mean that in a good way.

spiral galaxy's picture

Shoot the fucks responsible .....especially those that sold stock before the press release.

DontGive's picture

This would have never happened if the accounts were still on paper index cards. Hard to smuggle out 140 million of those...

DC Exile's picture

While the CEO claims there is "no evidence" of real damage, he "apologizes" for consumer "frustration". Clearly Eqifax is speaking carelfully under lawyer advice to avoid a class-action. In any event, this is from Equifax website (one year free indeed lol!):

 

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.


knukles's picture

Could make for a Greaaaaaaaat Christmas for somebody!

813kml's picture

Look for Wells Fargo to open 100 million new accounts just in time for Xmas bonuses.

Implied Violins's picture

At least we can sue them for "global warming" when they take delivery of all those free toasters.

yellensNIRPles's picture

Can the world please not make 'My Response' a thing? We know it's your response or else you wouldn't be writing it, and so it is redundant. Fucking everything is being dumbed down to the point of no return.

swmnguy's picture

Nah, he stole it from me.

Literally, I could care less.

Arnold's picture

My response:
so thin a skin has no business posting here, trolling for my response.

Sokhmate's picture

For all extensive purposes, you make a good point, alas it's a mute point.

clade7's picture

Somebody should step up and apologize to us!  Real sincerely like that one BP guy did?

Cthonic's picture

They sat on the breach for a month.  Purportedly learned of it on July 27th, the day after they reported earnings??

HRH Feant2's picture

Forty days. Plus three execs cashed out some stock holdings.

CheapBastard's picture

"I swear I did not buy those five Hello Kitty vibrators and the pink lingerie."

 

"I swear."

mkkby's picture

Dear theives -- please use this to hack the bank accounts of Nancy Pelosi, Chuck Schumer, Paul Ryan and Mitch McConnel.

They have loads of money and credit cards with high balances. While you're at it get Ruth Ginsberg and Sonia Sotomayor.

Rubicon727's picture

"They sat on the breach for a month.  Purportedly learned of it on July 27th, the day after they reported earnings??"

Unbelievable!! This is the corporation that safeguards all our credit card/ss/driver's license/phone numbers and *THEY HAVE* been breached.

I'd say American capitalism is leaning closer to collapse!!!!!

I tried phoning that company, BUT "Due to the high calls, either stay on the phone, or leave a message and someone will get back to you." REALLY!!!!!

This company should be destroyed immediately!!!!!!!!!!!!! GRRRRR.

Blue Steel 309's picture

Corporations are people who are unaccountable to the law or the People.

canisdirus's picture

More likely, it's basically everyone that has a credit report. Around half the population is too young to have one or doesn't use credit.

Pure Evil's picture

Everyone with a SSN has a credit report.

canisdirus's picture

Incorrect. You start out without a credit report. They won't have your personal information until you apply for credit.

jbwilson24's picture

one advantage to being an illegal alien is that you don't have an SSN, etc.

illegal alien privilege

Adullam's picture

@pre-fan. The "show" that we are all watching is not so much stupid as it is nefarious. There is a huge dark side to having this amount of information on this number of people compromised.

MozartIII's picture

"How much more stupid can this daily shit-show get?"

 

Do you really want to know?

beaker's picture

Let's add insider trading to the list, too.  Management is soooo toast.

lincolnsteffens's picture

The more information is centralized the worse the outcome if it gets zipped up in a zip file and taken. When everything was done on paper this kind of thing never could have happened. Sure, break into an office and steal their files but can you imagine trying to steal this kind of information in paper form? Even if all the same information stolen was on paper in one location it would take days, maybe weeks to load it into who knows how many tractor trailers.

Now what, assign everyone new SSNs, credit card #s, birth dates (!!!!), phone #, location???

Cluster fuck on the scale of the approaching hurricane.

ByTheCross's picture

It is not possible to have your identity stolen.

It is possible that people can steal credentials that make it easier to impersonate you, but even so, the responsibility for establishing your identity lies with the other person, not you - and that includes the responsibility for detecting imposters.

The notion that identity can be stolen was created by the banks so they can evade this responsibility, e.g.

Joe: "Why do I have a zero balance?"

Bank: "You withdrew all your money yesterday."

Joe: "Not me!"

Bank: "Hmmm. Your identity has been stolen. You'd better report it to the police. I hope you had it insured."

Joe: "Oh well, at least I still have my shadow."

Pool Shark's picture

Pool Shark's 3-Step Plan for Success:

1) Dispute All charges

2) Blame Equifax hack

3) Profit!!!

clade7's picture

In essence decreeing your own personal Debt Jubilee!  Brilliant!  If 143million consider this, whos to stop or dispute it?

Arnold's picture

9 th circuit.
Don't file there.

Occams_Chainsaw's picture

Nice South Park reference....

Oswald did it's picture

These companies (equifax, experian, transunion) should've been sued into bankruptcy a long time ago