• Cullen and Dykman LLP Blogs

  • Archives


    Equifax, one of the nation’s largest consumer credit reporting agencies, recently disclosed that it fell victim to a massive data breach. The company revealed on September 7 that hackers obtained the personal information of up to 143 million consumers during a cyber-attack that occurred from May through July.  The information revealed includes consumer’s names, addresses, birth dates, and driver’s license numbers.  It is also believed that the credit card numbers of 209,000 people were leaked as well.

    Equifax is a credit monitoring company that collects and stores consumer’s personal information and then uses this information to calculate individual’s credit score. Equifax obtains this information from credit card companies, banks, and retailers, often without the consumer ever knowing.  The company claims that the breach was due to a flaw in software created by another company, Apache, which Equifax uses in their business.  The particular software that was breached is used by many of the country’s largest companies leading some to wonder if more hacks and leaks may be coming.

    Upon announcing the breach, Equifax created a website (www.equifaxsecurity2017.com) for consumers to check to see if their information was impacted by the breach. Users must enter in their last name and the last six digits of their social security number and then should receive a message indicating whether or not they have been affected.  In addition, the company is offering a free one year subscription to their credit monitoring and identity theft insurance services.

    Equifax has come under fire in recent days for the way it has handled the breach. Many have questioned Equifax’s decision to wait over a month to notify the public about the hack after learning of it on July 29.  Others have noted that the PIN numbers Equifax was initially giving out to consumers to freeze their credit reports were generated by date and time making them easy for potential hackers to guess.  The company also received criticism for including a clause that waives a user’s right to sue Equifax if they sign up for the free year of credit monitoring. However, Equifax has since clarified this issue stating that the clause only applies to suits related to the credit monitoring service and not the data breach itself.

    This massive cyber security breach comes not long after other companies had large amounts of consumer information stolen. Last year Yahoo suffered one breach involving the personal information of 500 million accounts and another that involved over a billion accounts.  In 2013, Target had the credit card information of over 40 million customers stolen due to a data breach.  What makes Equifax’s breach even more distressing is the large amount of personal information the company stores as well as an individual’s inability to change much of this information such as their social security number.

    The FTC has encouraged individuals to use the website set up by Equifax to see if their information has been affected. Consumers should also diligently monitor their credit reports and bank accounts to check for any potential fraudulent activity.

    Institutions should regularly review their cyber security systems to ensure that they are able to handle any potential threats. This includes making sure that all software used by an institution is secure, especially when the software is purchased from an outside vendor.

    If you or your company has any questions concerning cyber security threats and/or policies, please contact Cynthia A. Augello at 516-357-3753 or email her at caugello@cullenanddykman.com.

    Ryan Soebke, a law clerk with Cullen and Dykman LLP assisted with this post.