Equifax has revealed the extent of a security breach that occurred earlier this year. It is thought that 2.5 million more Americans than previously thought may have had information compromised in the huge cyber security breach at the firm. This means that a total of 145.5 million customers were affected.

Critics say that the company failed to take proper steps to guard information – such as Social Security numbers, birth dates and addresses – and waited too long to inform the public.

Equifax disclosed the attack last month, estimating that around 400,000 Britons and 100,000 Canadians may also have had data compromised.

Richard Smith, former boss of Equifax, is to testify in Congress about the attack. He apologised ahead of the hearing for the firm’s failing and urged the US to adopt new standards for customer credit information. Mr smith said that the attack made him believe that consumers should have sole control over when their credit information may be accesses.

Mr Smith also offered a timeline of events of the incident –

  • first attack occurred in May – with hackers taking advantage of a software vulnerability that Equifax was warned about in March and did not address
  • An intrusion was identified on the 29th July
  • An investigation ordered by the company revealed the enormity of the attack by mid-August

Mr Smith said Equifax faced a huge task to prepare to respond to customers. The firm was overwhelmed by calls after the breach became public and faced problems with the website it created to address customer complaints.

Equifax holds data on more than 820 million consumers as well as information on 91 million businesses.

www.bbc.co.uk/technews (2nd October)