Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation of Cybersecurity Incident
Potentially impacted U.S. consumers increased by 2.5 million
Equifax Inc. (NYSE: EFX) announced today that the cybersecurity firm Mandiant has completed the forensic portion of its investigation of the cybersecurity incident disclosed on September 7 to finalize the consumers potentially impacted.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” newly appointed interim CEO, Paulino do Rego Barros, Jr. said. “Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.”
In the Sept. 7 announcement advising the public of the cybersecurity incident, Equifax said, “While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.” Mandiant, the cybersecurity firm retained by Equifax to investigate the breach, advised the company Sunday that it has completed its forensic analysis of the consumers potentially impacted by the incident.
The completed review determined that approximately 2.5 million additional U.S. consumers were potentially impacted, for a total of 145.5 million. Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables. Instead, this additional population of consumers was confirmed during Mandiant’s completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.
The completed review also has concluded that there is no evidence the attackers accessed databases located outside of the United States.
With respect to potentially impacted Canadian citizens, the company previously had stated that there may have been up to 100,000 Canadian citizens impacted, but that number was preliminary and did not materialize. The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted. In addition, it also was determined that some of the consumers with affected credit cards announced in the company’s initial statement are Canadian. The company will mail written notice to all of the potentially impacted Canadian citizens.
The forensic investigation related to United Kingdom consumers has been completed and the resulting information is now being analyzed in the United Kingdom. Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications as the analysis of the completed forensic investigation is completed.
To be clear, the individuals identified in this update, and the unauthorized access of information, all relate to the cybersecurity incident disclosed on Sept. 7.
To minimize confusion, Equifax will mail written notices to all of the additional potentially impacted U.S. consumers identified since the Sept. 7 announcement. The feature on the website that U.S. consumers may use to determine whether they may have been impacted will be updated to reflect the additional potentially impacted U.S. consumers discussed in this release by no later than October 8.
“I want to apologize again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements,” Barros added.
About Equifax
Equifax is a global information solutions company that uses trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions.
Headquartered in Atlanta, Ga., Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor’s (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 10,000 employees worldwide.
Recent Updates
-
March 01, 2018
Equifax Releases Updated Information on 2017 Cybersecurity Incident
-
January 31, 2018
Equifax Launches Lock & Alert™
-
November 03, 2017
Equifax Board Releases Findings of Special Committee Regarding Stock Sale by Executives
-
October 02, 2017
Equifax Announces Cybersecurity Firm Has Concluded Forensic Investigation of Cybersecurity Incident
-
September 28, 2017
WSJ Opinion: On Behalf of Equifax, I’m Sorry
-
September 26, 2017
Equifax Chairman, CEO, Richard Smith Retires; Board of Directors Appoints Current Board Member Mark Feidler Chairman; Paulino do Rego Barros, Jr. Appointed Interim CEO; Company to Initiate CEO Search
-
September 15, 2017
Equifax Releases Details on Cybersecurity Incident, Announces Personnel Changes
-
September 14, 2017
A Progress Update for Consumers
-
September 13, 2017
A Progress Update for Consumers
-
September 11, 2017
A Progress Update for Consumers
-
September 08, 2017
A Progress Update for Consumers
-
September 08, 2017
Call Center Update
-
September 07, 2017
Equifax Announces Cybersecurity Incident Involving Consumer Information