Equifax Breach Exposes Personal Data Of 143 Million People

Equifax says it suffered a massive data breach involving as many as 143 million people in the U.S. Social Security numbers, birth dates, addresses and drivers licenses were apparently exposed, thus making this one of the worst hacks ever reported.

ROBERT SIEGEL, HOST:

A massive hack of the company Equifax has compromised the personal information of as many as 143 million Americans. Regulators have launched an investigation into what appears to be one of the most serious data breaches ever. NPR's Chris Arnold reports.

CHRIS ARNOLD, BYLINE: Equifax is one of the big, powerful gatekeepers holding the keys to your ability to get a mortgage or a car loan or even get hired for a job. That's because they determine your all-important credit score. To do that, they collect all kinds of sensitive information about you. So in this hack, the company says the bad guys got Social Security numbers, names, birth dates, addresses, driver's license numbers.

IRA RHEINGOLD: In the world of hacks, this is pretty horrific.

ARNOLD: Ira Rheingold heads up the National Association of Consumer Advocates.

RHEINGOLD: This is not merely sort of getting into one credit card account. They have a lot of information about you now, and they - and you - they have enough information to create new accounts in your name.

ARNOLD: So what can people do if they're worried about that? If you go to this website, equifaxsecurity2017.com, the company says you can find out if your information was affected. Equifax will enroll you for free in a credit-monitoring service for a year. We have that info on the NPR webpage, too. Isaac Porche is a cybersecurity expert with RAND Corporation.

ISAAC PORCHE: The most important thing is to monitor your credit cards, your bank statements, even your credit reports as frequently as you can so you can catch it because this is not the only compromise. There have been many. This is what we know about. There will be more in the future.

ARNOLD: As far as his reaction to this particular hack...

PORCHE: It's big. It's bad. It's ugly. But it's definitely not surprising. Our information is valuable. And when you have these large stores of information, it's a giant target for nefarious actors.

ARNOLD: And these days, organized crime or even nation-states themselves can be involved in these break-ins, so he says you have to assume that your personal data will get stolen and be vigilant. That doesn't mean that Equifax was doing enough to keep your information safe. Even the company's CEO, Rick Smith, says it needs to do more. He said this in a video statement.

(SOUNDBITE OF ARCHIVED RECORDING)

RICK SMITH: I deeply regret this incident, and I apologize to every affected consumer. And while we've made significant investments in cybersecurity, we have more to do, and we will.

ARNOLD: But in the fine print for the credit-monitoring service, Ira Rheingold says there's language that appears to ask you to sign away your right to sue Equifax if you accept the help.

RHEINGOLD: I think it's dishonest offering you a service, then attempting to cover their butts.

ARNOLD: New York Attorney General Eric Schneiderman tweeted that his office is demanding that Equifax remove such language. The company now says the language will not apply to the security breach. Meanwhile, the New York attorney general has launched an investigation. Also, according to regulatory filings, several senior Equifax executives sold $2 million worth of company stock after the attack took place. Equifax says the executives had no knowledge of the breach at the time that they sold the shares. Chris Arnold, NPR News.

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.