Individual Tax ID numbers (ITINs) were generally housed in the same field as the SSNs. That require notification in such circumstances (e.g., Indiana). The impacted population included individuals with a SSN not stolen together with a name in jurisdictions This represents the number of individuals who are part of the impacted population because their SSN was stolen. State, DL Issued Date, D.O.B., Canada SIN, Passport #, CC Number, Exp Date, CV2, TaxID, Email Address, Full Name. The full list of standardized columns is SSN, First Name, Last Name, Middle Name, Suffix, Gender, Address, Address2, City, State, ZIP, Phone, Phone2, DL #, DL License Forensic investigators were able to standardize certain columns containing various types of information for further analysis toĭetermine the impacted consumers and Equifaxs notification obligations. The attackers accessed records across numerous database tables with different schemas. This includes the extra measures the company took to confirm the Summary of the companys analysis of data stolen in last years cybersecurity incident. The data described above is not additional stolen data, and it does not impact additional consumers. consumers for each of the listed data elements.įirst Name, Last Name, Middle Name, Suffix, Full Name That follows provides the approximate number of impacted U.S. stateĭata breach notification laws generally do not require notification to consumers when these data elements are compromised, particularly when an email address is not stolen in combination with further credentials that would permit access. With respect to the data elements of gender, phone number, and email addresses, U.S. As stated above, Equifax notified the public on September 7, 2017 of the primary data elements that were stolen. consumers for each of the following data elements: name, date of birth, Social Security number, address information, gender, phone number, drivers license number, email address, payment card number and expiration date, Investigators were able to standardize certain data elements for further analysis to determine the impacted consumers and Equifaxs notification obligations.Īs a result of its analysis of the standardized data elements, including using data not stolen in the attack, the company was able to confirm the approximate Table may have labeled the column containing first name as ∿IRSTNAME, another may have used USER_FIRST_NAME, and a third may have used ∿IRST_NM. With assistance from Mandiant, a cybersecurity firm, forensic For example, not every database table contained a field for drivers license number, and for more common elements like first name, one Number of database tables with different schemas, and the data elements stolen were not consistently labeled. The attackers stole consumer records from a and international core consumer, employment and income, or commercial credit reporting databases were accessed as part of the cyberattack.įurthermore, Equifax offered a comprehensive support package to impacted consumers on September 7, 2017. Statements made clear, the companys forensics experts found no evidence that Equifaxs U.S. Limited personal information for certain United Kingdom and Canadian residents. consumers (since updated)Ĭredit card numbers of approximately 209,000 consumersĬertain dispute documents with personal identifying information of approximately 182,000 consumers Names, Social Security numbers, birth dates, addresses and, in some instances, drivers license numbers of 143 million U.S. Stolen by the attackers primarily included: consumers.Īs announced on September 7, 2017, the information The companys responses regarding the extent of the incident impacting U.S. Accordingly, Equifax submits this statement to supplement The past several months, congressional committees have requested information from Equifax regarding the extent of the cybersecurity incident that Equifax reported on September 7, 2017. REGARDING THE EXTENT OF THE CYBERSECURITY INCIDENT
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |