Equifax Cyberattack May Affect 143 Million Consumers

*UPDATE* Equifax’s Terms of Use for the site set up to check if users’ data was compromised includes a section that states using the website forfeits the right to sue Equifax.

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

Original story:

Consumer credit reporting agency Equifax was recently subject to a large scale cyberattack which may affect the  143 million consumers the company holds information on.

Bloomberg reports that the consumer credit reporting agency Equifax has been subject to a large scale cyberattack which could see the personal data of 143 million Americans left vulnerable. According to a statement from Equifax, the hackers gained access to the names, Social Security numbers, birth dates, addresses and driver’s license numbers of approximately 143 million individuals stored in Equifax’s systems. The credit card information of approximately 209,000 individuals was also accessed according to the company.

Equifax Chief Executive Officer Richard Smith said in a statement, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes.” Equifax customers that are worried they may be affected by the hack can visit a website set up by Equifax that will help users determine whether or not their data was compromised in the hack. Equifax is also offering free credit-file monitoring and identity-theft protection. To check if an individual’s information has been compromised, access the website set up by Equifax, enter the last six digits of their social security number along with their last name and the website will answer whether or not their information has been affected by the hack.

Equifax stated that the hackers took advantage of a “U.S. website application vulnerability to gain access to certain files” from May to July of 2017. Tim Crosby, a senior consultant with security-assessment firm Spohn, discussed the hack stating, “It’s a huge deal. You would expect these guys to have compartmentalized this data far enough away from a Web server — that there would not be any way to directly access it.” Equifax has been the victim of cyberattacks in the past, it was discovered by Experian, Equifax, and TransUnion, the three largest credit reporting agencies in the U.S., that in 2013 hackers had gained access to the personal documents of thousands of users.

It was also noted by Bloomberg that three Equifax executives had sold shares worth almost $1.8 million within three days of the hack on the credit reporting agency. Equifax clarified on Thursday that the executives had not yet been informed of the cyberattack when they chose to sell their shares. Equifax learned of the cyberattack on July 29, on August 1 the company’s Chief Financial Officer, John Gamble, sold shares worth $946,374. The President of U.S. Information Solutions, Joseph Loughran, exercised his option to sell stock worth approximately $584,099 and Rodolfo Ploder, the president of workforce solutions, sold $250,458 worth of his stock on August 2.

Ines Gutzmer, a spokeswoman for Equifax, said in a statement that the three executives “sold a small percentage of their Equifax shares,” and “had no knowledge that an intrusion had occurred at the time.” Bart Friedman, a senior counsel at Cahill Gordon & Reindel LLP, who advises company boards on legal matters, said, “I don’t know how the board will allow these executives to continue in their positions.” He continued to say, “yes, they should have a careful investigation and have an independent law firm interview the executives and review their emails and determine what they knew and when, but the end result is likely clear.”