Equifax waits 5 weeks before revealing giant data breach


Consumer credit reporting agency Equifax waited five weeks before revealing that its data systems had been hacked. The personal information of around a third of the U.S. population is thought to have been compromised.

“We identified a cybersecurity incident potentially impacting approximately 143 million U.S. consumers,” Equifax wrote in an Investor Relations Q&A on Thursday. The company also acknowledged that it had become aware of the unauthorized access on July 29.

The data stolen between mid-May – when the unauthorized access first occurred – and the end of July – when the company found out about the breach – is understood to include the names of its customers, their Social Security numbers, their birth dates, their addresses as well as their driver’s license numbers. But that’s not all. The company also admitted that the credit card numbers of over 200,000 U.S. consumers and various documents containing the personal identifying information of some 180,000 U.S. citizens had also been compromised.

The credit reporting company, which offers its services to the nation’s 125-million households and ironically prides itself on providing identity-theft protection products to keep personal information secure, apologized for the breach and said it had hired a cybersecurity firm so that a thorough forensic review could be conducted.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax’s CEO Richard F. Smith said in a statement.

While the general public and investors were kept in the dark for some 40 days, company insiders quickly dumped some of their shares as soon as they learned of the breach.

Indeed, records show that on August 1 – three days after learning of the breach – Joseph Michael Loughran, the president of United States Information Solutions, sold $584,000 worth of shares. On the same day, Equifax Chief Financial Officer John W. Gamble disposed of 6,500 shares for a total of $946,000. The following day, Workforce Solutions President Rodolfo Osvaldo Ploder raised over $250,000 following the sale of 1,719 Equifax shares.

In January, the Consumer Financial Protection Bureau (CFPB) ordered Equifax and Transunion – another credit-reporting agency – to pay $5.5 million in fines to the CFPB as well as $17.6 million in restitution to consumers after they were found to have lured and deceived the public.

The company’s shares feel heavily after hours following the security-breach announcement.

You can check if your personal information may have been impacted on the Equifax website.