In the meantime, the OPC suggests you monitor your credit cards and bank accounts for unauthorized transactions, report any signs of theft or crime to local police, report scams or frauds to the Canadian Anti-Fraud Centre, and to tell your bank and credit card companies if you believe you've been a target of identity fraud.Also: British Airways hit with customer data theftĮquifax said that the reason hackers were not detected for 76 days was because a device meant to inspect network traffic had been misconfigured and didn't check encrypted traffic for signs of malicious activity. The Office of the Privacy Commissioner of Canada (OPC) said last week that it's investigating the breach, and that Equifax is co-operating. You can only ask for a replacement if you can prove to the government your SIN has been fraudulently used. In an email, Equifax Canada media relations said it "will share more information as soon as it is available."Īnd don't think you can merely ask the government for a new SIN either. What's not clear is whether those affected are limited to Canadians with dealings in the U.S., as Equifax Canada's customer service agents reportedly told callers about the breach. Instead, the company said on Tuesday that it "will be sending notices via mail directly to all impacted consumers outlining the steps they should take." Equifax set up a website for Americans to check whether their information was affected by the breach, but that website doesn't work for Canadians. On the other, there's still no easy way to tell whether or not you're among the unlucky few. On one hand, 100,000 Canadian victims pales in comparison to the 143 million Americans affected. A number of groups have emerged claiming responsibility, but none have been able to provide proof so far. Who's behind it and what did they want?Īs is usually the case in the aftermath of big breaches and attacks, this isn't clear.
Equifax breach Patch#
It's not clear why Equifax didn't patch its systems at that time, nor why the security company Mandiant didn't identify the vulnerability when it was called to investigate Equifax's first security breach that same month.
Equifax breach software#
It's a favourite of financial institutions and government agencies, used for the development of web applications - which is what made it all the more concerning when a critical flaw was discovered in the software in March. We also learned last week that Equifax fell victim to a vulnerability in a widely used piece of software called Apache Struts. Why didn't Equifax patch the hole the intruders used to get in? Equifax has denied the executives knew of the breach when they sold their shares. That timeline will likely prove important, given three of the company's executives sold almost $1.8 million US in shares in the days after the July 29 discovery that the company had been breached. Equifax says the two incidents were unrelated, but either way, the company knew it was being targeted as early as this past spring.
The prior incident occurred in March according to Bloomberg's sources, with one saying it involved the same intruders as the subsequent hack. However, Bloomberg reported on Monday that it was actually the second time the company had been breached this year. And for reasons that remain unclear, it took yet another month for the company to publicly disclose the breach. When did the company know about it?Įquifax has said that the breach occurred in mid-May, but that it only discovered intruders had compromised its systems on July 29 - nearly two months later. How did it happen? Here's what we know so far, and what we don't. In a statement released Tuesday, the company finally confirmed approximately 100,000 Canadians were affected too, with names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers among the personal information potentially accessed. It's been nearly two weeks since the credit monitoring company Equifax admitted it had suffered one of the largest data breaches in recent memory - exposing the personal information of a whopping 143 million U.S.
0 kommentar(er)
