Forensic Investigation of Equifax Data Breach Reveals 2.5 Million More Americans May Be Impacted

Data-Breach

Written By ESR News Blog Editor Thomas Ahearn

Credit reporting agency Equifax Inc. has announced that a forensic investigation of the massive data breach incident first disclosed on September 7, 2017, that impacted approximately 143 million Americans – almost half of the country –  revealed the impact may potentially reach 2.5 million more Americans.

Cybersecurity firm Mandiant was retained by Equifax to investigate the breach and advised that its forensic analysis of consumers possibly affected by the data breach “determined that approximately 2.5 million additional U.S. consumers were potentially impacted, for a total of 145.5 million.”

In the announcement dated October 2, 2017, Equifax interim CEO Paulino do Rego Barros, Jr. stated:  “I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released.”

Mandiant did not identify any evidence of additional or new attacker activity or access to new databases or tables. The additional consumers potentially affected by the data breach was confirmed during the remaining investigative tasks and quality assurance procedures built into the investigative process.

In the September 7 announcement initially advising the public about the data breach that occurred between mid-May and July of 2017, Equifax stated: “While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.”

Equifax – one of three major credit reporting agencies along with Experian and TransUnion – said the data breach allowed access to sensitive information such as names, social security numbers, birth dates, and addresses. Consumers who want to know if they are impacted can visit www.equifaxsecurity2017.com/am-i-impacted/.

Equifax will mail written notices to all of the additional potentially impacted U.S. consumers identified since the September 7 announcement. The feature on the Equifax website that U.S. consumers may use to determine whether they may have been impacted will be updated by no later than October 8, 2017.

“I want to apologize again to all impacted consumers,” Barros added. The complete announcement from Equifax about new data breach victims is at www.equifaxsecurity2017.com/2017/10/02/equifax-announces-cybersecurity-firm-concluded-forensic-investigation-cybersecurity-incident/.

Employers concerned about credit reports used for background checks being affected by the Equifax data breach can breathe easier knowing their employees will not be affected, according to the article “Should Equifax Data Breach Worry Employers?”  on the Bloomberg BNA website.

Interviewed by Bloomberg BNA about the Equifax data breach, Brad Landin – president and chief compliance officer of global background check firm Employment Screening Resources® (ESR) – said: “I don’t think there’s a risk to consumers in terms of credit reports that are ordered by employers.”

Landin said it was “unlikely employer credit checks for hiring purposes will be affected by the hack” since most employment credit reports are from resellers of credit information and not directly from Equifax. “I’m highly confident that the availability of Equifax credit reports is largely unaffected,” he said.

SOC 2 Audits Help Protect Against Data Breach Incidents

Employment Screening Resources® (ESR) – a strategic choice for businesses needing accuracy and compliance in background check programs – completes an annual a SOC 2® audit to ensure that ESR protects the privacy and security of consumer information. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2017 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.