Canadian Underwriter

Final count is that 8,000 Canadians, 145.5 million Americans affected by Equifax breach

October 3, 2017   by Staff

Print this page

technology-01The personal information of approximately 8,000 Canadians has been compromised as a result of the cyber breach that hit Equifax this summer. The company previously estimated that hackers had accessed the information of 100,000 Canadian customers.

An investigation into the breach also found that Canadians are among some of the consumers whose credit card information was accessed. The company’s initial statement on Sept. 7 regarding the breach stated that the credit card numbers of approximately 209,000 U.S.-based customers had been breached.

Related: Six ways to protect your brokerage from security breaches

“We have not yet mailed any notification letters, but we plan to mail these letters as soon as possible. These letters will contain further information on the complimentary credit monitoring and identity theft protection services offered to impacted consumers,” states a note on Equifax Canada’s website on Oct. 3.

“In the meantime, please take into account the following factors, which will help to increase your level of protection: Equifax will not make any unsolicited outbound telephone calls to consumers to discuss this matter [and] Equifax will not send any unsolicited emails asking for your personal information,” the note continues.

The company has said it believes that hackers accessed Equifax Canada’s systems through a consumer website application designed for U.S. consumers. The breach occurred between May 13 and July 30. The company discovered the breach on July 29 but made its first public announcement on Sept. 7 when it said that hackers had accessed information that includes names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

Related: The IT department

The final tally of impacted consumers, released on Oct. 2, comes with the completion of the forensic portion of the investigation into the incident. Mandiant, the cybersecurity firm investigating the incident, informed Equifax on Oct. 1 that it completed its analysis of the consumers that were potentially impacted by the incident.

Mandiant also determined that the number of Americans affected by the breach is higher than the original estimate. The cybersecurity firm identified that approximately 2.5 million additional U.S. consumers were impacted, leading to a total of 145.5 million.

Equifax will mail written notices to all of the additional impacted U.S. consumers identified since the Sept. 7 announcement. The feature on the website that U.S. consumers may use to determine whether they have been impacted will be updated to reflect the higher number of impacted U.S. consumers by no later than Oct. 8.

Related: Canadian consumers unconcerned with data privacy, despite growing cyberattacks, security breaches: Deloitte

The investigation into the number of affected U.K.-based customers was also completed and that information is being analyzed in the U.K. Equifax is continuing discussions with regulators in the region regarding the scope of the company’s consumer notifications, according to the announcement.

Equifax is facing investigations in Canada and the U.S., as well as at least two proposed class actions filed in Canada. A number of executives, including its CEO and chief security officer, have left the company since the breach was announced on Sept. 7.

– With files from The Canadian Press

This story was originally published by Canadian Insurance Top Broker.