RepRisk case study
Equifax
# Equifax Data Breach Scandal
# May 2018
What happened?
On September 7, 2017, the US-based consumer credit reporting agency Equifax announced that a cyber-attack on its computer systems between May and July 2017 had enabled hackers to access the personal data of about 143 million people in the US. By September 21, Equifax shares had plummeted by 33 percent following reports that the cyber criminals had been able to access full names, social security numbers, birth dates, and addresses, allegedly leaving consumers vulnerable to identity theft.
Although the attack reportedly began in mid-May, the CEO of Equifax claimed that the company had only discovered the breach on July 29, 2017.
A week after Equifax announced the data breach in the US, the security of the internal portal of Veraz, the company’s Argentinian operation, was found to be vulnerable, as the records of thousands of customers could allegedly be accessed by using the word “admin” as both the login and password. It was claimed that the weakness could lead to a breach of the personal data of more than 100 employees and 14,000 customers from Argentina.