Equifax said an internal investigation revealed hackers exploited a vulnerability in a U.S. website application to gain unauthorized access to files from mid-May through July. The company, however, said it hasn’t found any indication that its “core consumer or commercial credit reporting databases,” had been comprised.
The company, which offers credit-monitoring and identity-theft protection products to guard consumers’ personal information, said it discovered the breach on July 29. Equifax said it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review.
Equifax said hackers gained access to systems containing customers’ Social Security numbers, birth dates, addresses and driver’s license numbers. The company said credit-card numbers for approximately 209,000 U.S. consumers were accessed, as well as dispute documents with sensitive information for another 182,000 people.
Fortunately, Equinox is on the job:
“This is clearly a disappointing event for our company....,” Equifax Chief Executive Richard Smith said in prepared remarks.