Equifax just suffered what may be one of the biggest and most potentially damaging data breaches in history, and security experts are saying that the breach was probably preventable.
The credit bureau said Thursday that it learned July 29th that hackers had compromised the personal data – including credit card numbers, social security numbers, and birthdates – of 143 million U.S. consumers and an unspecified number of UK and Canadian customers, in a breach that occurred sometime between mid-May and July. The credit cards of 209,000 U.S. customers were compromised, as well as personally identifiable information on 182,000 people involved in credit disputes.
Equifax chairman and CEO Richard F. Smith called the breach “disappointing.”
“This is a terrible story,” said Cooper Levenson attorney and security expert Peter Fu. “No one entity should ever have all of our personal data in a single breakable point of entry.” The sheer volume of the loss suggests hackers were able to quickly grab huge chunks of data in a “catastrophic” breach, Fu says.
While law enforcement is keeping the technical details of the breach quiet for the moment, the available facts strongly suggest Equifax may not have been following accepted security guidelines.
Fu points out that the Payment Card Industry security guidelines used by banks and credit card companies require that companies keep billing information (names, addresses, social security numbers, etc.), financial information (credit card numbers), and miscellaneous supporting documents in separate secure places.