The breach of the records of 143 million consumers from Equifax (EFX) , one of the three main credit rating bureaus, will increase the opportunity for identity theft to occur since personal information was stolen by hackers.
Equifax, the Atlanta-based company that records the credit reports of Americans when they try to obtain a new credit card, car loan or mortgage, reported on Thursday that its system was hacked by cybercriminals from May to July. The company said it has not discovered any incidences of unauthorized activity from its core consumer or commercial credit reporting databases.
The company said it found the intrusion on July 29 and the hackers targeted information including names, Social Security numbers, birth dates, addresses as well as driver's license numbers.
The fraudsters also gained the credit card numbers for 209,000 consumers, including "dispute documents with personal identifying information for approximately 182,000 U.S. consumers," Equifax said in a statement. Hackers also gained access to the records of some UK and Canadian residents, but the number was not disclosed.
- Colossal Equifax Data Breach: What 143 Million People Might Want to Do Now
- Equifax Shares Tank After Company Announces Breach of 143 Million Customers
An independent cybersecurity firm was hired by Equifax to undertake a comprehensive forensic review to determine the extent of the hack and data.
This cyberattack has widespread ramifications, since Equifax has "the data on almost everybody in the country," said Jeff Golding, chief growth officer at IRH Capital, a Northbrook, Ill.-based financial company and former CEO of WilliamPaid, a company that allows people to build credit through paying their rent online. The U.S. Census Bureau estimated in its 2015 survey that there are 321 million people living in the U.S.
The three main credit bureaus, Equifax, TransUnion and Experian, maintain reports on when consumers' attempt to obtain loans, their payment history and the amount of available credit. Lenders use one or all three of these companies when consumers seek a credit card, mortgage or other loans.
"This is a big deal," Golding said. "If you ever had your credit pulled, they have information on you. If you ever filled out a loan application, they will have data like your driver's license."
The data breach of Equifax data breach could "potentially be one of the most significant data breaches in history," said Marie White, CEO of Security Mentor, a Pacific Grove, Calif.-based provider of security awareness training.
"The size of the breach, quality and quantity of personal information and far-reaching impact make it unprecedented," she said. " Imagine if one out of every two people walking down the street dropped their credit card, along with a sticky note on the back with all their personal information needed to access that card. Now imagine that happening in every city across the county."
The credit bureaus work with different lenders such as banks since each company pays to report data to them, but all of them purchase data from the other bureaus and use public databases also, Golding said.
"Experian also sells background check services and identity theft service which they monitor daily," he said. "Their databases house all your personal data that's ever been provided, acquired though applications, lenders they work with or credit card companies. They are constantly buying data back and forth."
While not all lenders report to all three bureaus, consumers who applied for a mortgage are likely to have their scores pulled for all of the companies. Consumers who use Credit Karma or Credit Sesame or credit card companies such as Chase or Discover to monitor their credit score will see different scores since some lenders report to one while others report to two or all three.
"Your credit profiles can be different," Golding said. "Lenders aren't required to report data. It's elective and they do it as self-policing their industry."
Since the hackers have copious amounts of personal identifiable information, your identity could likely be compromised, he said.
"This makes it a lot easier for identity theft to occur," but it is unlikely that the hackers gained access to all their encrypted databases to match up all the information such as the driver's license or Social Security number, Golding said.
While Equifax has not revealed the specifics of the hack, either the databases were not encrypted or the "application vulnerability that was exploited provided authorized access to the data in an unencrypted state," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company.
When databases are stolen whole, companies have announced that they don't believe the information can be accessed, but are providing free credit monitoring services just as a precaution.
"For Equifax to come out and state what data was actually lost and to not include any statement like that suggests that the data itself was actually compromised," he said. "Either because it wasn't encrypted at all, or the exploit granted authorized access to decrypt the data and provide it to the attacker as a valid request. I am not sure if we'll ever see that level of detail come from Equifax and their investigation, though, which confirms the specific exploits or how the data was, or was not, encrypted."
About the government and hacking...
How Consumers Can Combat Hacking
Consumers can contact Experian or the other credit bureaus and have a freeze placed on their account which means lenders will not receive a report without the person's authorization. Going forward with this option means that when someone is seeking an auto loan, they must either unfreeze the account beforehand or will face the lack of a report.
"Experian will not allow your credit to be pulled without contacting you first and will ask several questions to verify your identity," Golding said.
Credit scores of consumers should not be affected unless they do not monitor their reports often or a creditor has not received payment on a fraudulent account created by a hacker.
"Late payments are only reported if it is 30 days overdue and consumers who file a complaint will not have their credit score affected until it is resolved," he said.
Phishing attacks are likely to increase with this breach occurring, said White.
"Phishers see this as prime phishing ground," she said. "Like fishermen finding easy pickings when fishing in huge schools of fish, phishers take advantage of knowing that their phishing emails will likely be relevant to millions of targets. The best advice -- be very careful of any emails regarding the Equifax breach and avoid clicking on links in emails. Instead, go directly to Equifax's website."
This breach will likely be damaging to the users whose data was stolen because of the sensitive nature of the documents, said Wenzler.
"This will almost certainly cause a huge blow to Equifax's credibility and reputation as a trustworthy reporting source for credit information," he said. "This kind of loss could easily linger in the minds of customers, both commercial and private, for years to come.
The hackers could have received more sensitive information such as the type of account, when it was opened, the limit and the balance and payment history, said White.
"They also have information on consumers' address history and debt. With all this information, the risk of identity theft is far greater," she said. "For example, hackers can now answer questions that are typically required to access financial accounts."
Companies should adopt a comprehensive security strategy is absolutely necessary which includes education, technical security controls for servers and other assets, network security and stronger software development practices that "create secure applications during development, not tacked on after the fact," Wenzler said. "Hackers will find the easiest path to steal data, and organizations must be more diligent about making security part of every aspect of their technology infrastructure and development efforts," he added.
Consumers can determine if their personal data was affected and sign up for one free year of credit monitoring from Equifax, Experian and TransUnion credit reports, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and Internet scanning for Social Security numbers - all complimentary to U.S. consumers for one year through www.equifaxsecurity2017.com or call a designated call center at 866-447-7559 from 7:00 a.m. - 1:00 a.m. ET seven days a week.
More of What's Trending on TheStreet:
- Carly Fiorina on Not Running for Senate, Cryptocurrency and the Opioid Epidemic
- Gold Prices Will Skyrocket 700% to $10,000 as War Looms, Expert Predicts
- Here's the Hottest New Way to Get Rich With Gold
- Colossal Equifax Data Breach: What 143 Million People Might Want to Do Now
- Chili's to Trim 40% of Its Menu, as Casual Dining Pressures Persist
- Chipotle Disaster Continues
Editors' pick: Originally published Sept. 7.