Equifax says cybersecurity incident may have hit 143 million customers

Equifax, one of the big three US credit agency, has reported a cybersecurity incident that could potentially impact 143 million U.S. customers.

Equifax said that it discovered the unauthorized access at the end of the July and acted immediately to stop it. The Agency said that the unauthorized accesses took place from mid-May until July, and primarily involved information like names, address, birth dates, Social Security numbers and, in some cases, driver’s license numbers. Furthermore, approximately 209,000 U.S. credit card numbers, and certain dispute documents with personal identifying information for about 182,000 U.S. consumers, were accessed. The hackers gained the access to the Equifax’s system by exploiting a website application vulnerability. The company said that it has reported the criminal access to law enforcement.

According to Equifax, the agency is now working with state and federal authorities, and is alerting its customers whose information was included in the breach via email. Equifax said that it has set up a website – www.equifaxsecurity2017.com – that helps the consumers check if their data has been caught up in the breach.


Sources: BBC, ABC

Ashley Madison to shell out $1.6 Mn over data breach

“Life is short. Have an affair”- This tagline by Ashley Madison sent shock waves across the world back in 2001, at the time of its launch. Ashley Madison is an affair-centric online social networking and dating site that is based in Canada and exclusively caters to married and committed people.

The operators of Ashley Madison agreed to pay a penalty of $1.6 million over a recent breach that exposed private information of around 36 million users based in 46 countries. In 2015, a group of unidentified hackers hacked into the accounts and made all the private information such as the date of birth, sexual preference and relationship status of its members public. This breach led to several cases of blackmail and even suicides.  “This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide,” said FTC chairwoman Edith Ramirez.

The authorities from its Canadian parent company, Ruby agreed to settle for this hefty with the United States Federal Trade Commission and the State regulators for failing in their duty to provide the promised security to its users. Apart from that, the company has been warned to follow the stringent information security practices.

Ramirez furthers elaborates that the amount of penalty does not amount to the magnitude of the damage caused as the FTC wants the company to deeply feel the pain of its members. The settlement was done under the watchful gaze of the consumer protection authorities in Canada and Australia. The company, in its statement said that the payment of penalty drew curtains on this unfortunate event of the past and that it will help the company move on.