Data Breaches

Date Made Public:
September 7, 2017
Company: Equifax Corporation
Location: Atlanta, Georgia
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
145,500,000

"Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

Equifax said it discovered the breach on July 29. 'Criminals exploited a U.S. website application vulnerability to gain access to certain files,' the company said."

Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver's license numbers, all of which the company aims to protect for its customers.

The company added that 209,000 U.S. credit card numbers were obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."

Link to Equifax breach notification: https://www.equifaxsecurity2017.com/

UPDATE: (10/02/2017): "Equifax said hackers may have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.

The company said the additional customers were not victims of a new attack but rather victims who the company had not counted before. Equifax hired the forensic security firm Mandiant to investigate the breach, and it finished its report on Sunday."

https://www.usatoday.com/story/tech/2017/10/02/equifax-breach-hit-2-5-mi...

UPDATE: (02/10/2017): "On Friday, Senator Elizabeth Warren (D-Mass.) sent a letter to Paulino do Rego Barros Jr., interim CEO of Equifax, citing 'what appears to be misleading, incomplete, or contradictory information' provided to Congress and the public about the breach of data on 145 million Americans. She demanded answers within a week.

Equifax stated last year that hackers primarily accessed 'names, Social Security numbers, birth dates, and, in some instances, driver’s license numbers…credit numbers…and certain dispute documents with personal identifying information,' Warren said.

But The Wall Street Journal reported on Friday that hackers accessed 'such data as tax identification numbers, email addresses, and drivers' license information beyond the license numbers [Equifax] originally disclosed,' Warren added."

https://www.mediapost.com/publications/article/314389/

Information Source:
Media
Date Made Public:
May 6, 2016
Company: Equifax Inc.
Location: Atlanta, Georgia
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
431,000

"Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday. The nation’s largest grocery chain by revenue appears to be one of several Equifax customers that were similarly victimized this year.

Atlanta-based Equifax’s W-2Express site makes electronic W-2 forms accessible for download for many companies, including Kroger — which employs more than 431,000 people. According to a letter Kroger sent to employees dated May 5, thieves were able to access W-2 data merely by entering at Equifax’s portal the employee’s default PIN code, which was nothing more than the last four digits of the employee’s Social Security number and their four-digit birth year."

Equifax believes that the Social Security numbers and dates of birth were obtained from another source.

More Information: http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-e...

Information Source:
Krebs On Security
Date Made Public:
October 10, 2012
Company: Equifax
Location: Atlanta, Georgia
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
17,000

Equifax settled charges with the Federal Trade Commission after it was discovered that Equifax Information Services improperly sold lists of consumer data. People who were late on their mortgage payments had their information sold to firms that should not have received the information and subsequently resold it to other firms. Equifax agreed to pay nearly $1.6 million to resolve charges that it violated the FTC and Fair Credit Reporting Acts. The settlement prohibits Equifax from providing prescreened lists to unauthorized parties, having poor procedures for releasing prescreened lists, and selling prescreened lists in certain circumstances.

Information Source:
Media
Date Made Public:
February 11, 2010
Company: Equifax
Location: Atlanta, Georgia
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
35

An unknown number of current and former employees of credit reporting firm Equifax received W-2 forms in the mail with their Social Security numbers visible through a window on the envelope. Some of the tax forms mailed by Equifax's payroll vendor through the U.S. Postal Service had the Social Security number in a Control Number field, which was partially or fully viewable through the return address window.

Information Source:
Dataloss DB
Date Made Public:
June 20, 2006
Company: Equifax
Location: Atlanta, Georgia
Type of breach:
PORT
Type of organization:
BSF
Records Breached:
2,500

On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee.

Information Source:
Dataloss DB