Tuesday 20 March 2018

Irish operations unaffected says Equifax despite US data breach

Equifax says a breach exposed Social Security numbers and other data from about 143 million Americans and some Britons and Canadians (AP)
Equifax says a breach exposed Social Security numbers and other data from about 143 million Americans and some Britons and Canadians (AP)
Adrian Weckler

Adrian Weckler

An Irish spokeswoman for credit-monitoring giant Equifax said she does not believe the company's Irish operations have been affected by a massive data breach exposing the personal information of over 143 million people on Equifax's database.

However, the spokeswoman said that it has not yet been established exactly whether Irish interests have been hit.

Equifax was subject to one of the most damaging cyber attacks in recent history, affecting 143 million Americans and an undisclosed number of details of individuals outside the US.

The data exposed included credit card details and social security numbers.

The company set up an office in Wexford over 20 years ago and expanded its operations in Ireland with new offices in Dublin last year, promising to double its workforce here from 100 to 200.

Companies in Ireland that suffer data breaches are required to inform the Irish Data Protection Commissioner.

However, a spokeswoman for the Irish data watchdog said that no notification has been made by Equifax.

Equifax has attracted criticism for delaying notification of the breach. While it discovered the cyber attack on July 29, it did not disclose the breach until last Thursday.

The breach has already sparked at least one class-action legal case in the US from individuals who say they now need to pay extra for anti-fraud technology.

The Equifax hack ranks as one of the worst attacks in history because of the sensitivity of the credit-check information. Data exposed included full names, birth dates, addresses, and, driver licence numbers and US social security numbers. Unlike larger recent hacks involving web giants such as Yahoo, the Equifax data is typically used for verification from banks, insurance companies and other financial authorities.

The stolen data can be enough for criminals to hijack the identities of people whose credentials were stolen through no fault of their own, potentially wreaking havoc on their lives.

However, Equifax said its core credit-reporting databases did not appear to have been breached.

"On a scale of one to 10, this is a 10 in terms of potential identity theft," said Gartner security analyst Avivah Litan.

"Credit bureaux keep so much data about us that affects almost everything we do."

Lenders rely on the information collected by the credit bureaux to help them decide whether to approve financing for homes, cars and credit cards.

Credit checks are even sometimes done by employers when deciding whom to hire for a job.

Meanwhile, it has emerged that three Equifax senior executives sold shares worth almost €1.5m in the days after the company discovered its security breach.

However, at the time they sold their stock, the trio had not yet been informed of the incident, according to a company spokesman.

Equifax is one of the three-largest credit-reporting firms in the US, alongside rival firms Experian and TransUnion.

The company organises and analyses data on more than 820 million consumers and more than 91m businesses worldwide. Equifax's databases hold employee data submitted by more than 7,100 employers.

New laws to be introduced next year will levy heavy fines on companies that fail to disclose data breaches. The General Data Protection Regulation will take effect in May 2018.

Irish Independent

Business Newsletter

Read the leading stories from the world of Business.

Also in Business