Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Credit Reporting Agency Announces Widespread Consumer Data Breach

Privacy/Cyber Risk & Data Security Credit Reporting Agency Data Breach

Privacy, Cyber Risk & Data Security

On September 7, a major credit reporting agency issued a press release announcing a data breach that impacts approximately 143 million U.S. consumers. An internal investigation revealed that from mid-May through the end of July 2017, hackers exploited a website application vulnerability to access names, Social Security numbers, birth dates, addresses, driver’s license numbers, as well as roughly 209,000 credit card numbers. The company discovered the breach on July 29 and “acted immediately to stop the intrusion.” A “leading, independent cybersecurity firm” has been hired to recommend security improvements, and the company is working with law enforcement authorities. Furthermore, the press release states that “the company has found no evidence of unauthorized activity on [its] core consumer or commercial credit reporting databases.” A website has been set up to assist consumers trying to determine if their information has been affected and offers credit file monitoring and identify theft protection.