Equifax Inc faced a storm of criticism on Friday over a hack that may have compromised personal data for some 143 million Americans, with customers clamoring for answers and cyber security experts questioning the response to the massive breach.
Lawmakers also joined the chorus, scrutinizing the company’s follow up as it encouraged potentially affected customers to sign up for free credit monitoring services, and Equifax shares tumbled as much as 18 percent.
The hack, among the largest ever recorded, was especially alarming due to the richness of the information exposed, which included names, Social Security numbers, birthdays, addresses and driver’s license numbers, cyber researchers said.
Ryan Kalember, senior vice president of the cyber security business Proofpoint, said the breach was “especially troubling” because companies typically offer free credit monitoring services from businesses such as Equifax, which has now itself suffered a huge cyber attack, he added.
Bigger hacks, such as those disclosed by Yahoo last year, did not put as much sensitive information at risk.
The New York and Illinois state attorneys general said they had opened separate formal investigations into the breach.
“My office intends to get to the bottom of how and why this massive hack occurred,” said New York Attorney General Eric Schneiderman said in a statement.
ARTICLE CONTINUES BELOW ADVERTISEMENT
Two proposed class-action lawsuits, one filed in Portland, Ore., and another in Atlanta, Ga., contended Equifax had been negligent in protecting consumer data.
Equifax disclosed Thursday the breach it had discovered on July 29, and said criminals exploited a vulnerability in a website application to gain access to certain files. The Atlanta-based company said hackers accessed accounts between mid-May and July and accounts of some British and Canadian residents also were compromised.
Equifax has not said specifically how attackers were able to break in.
The FBI said it is tracking the matter and a U.S. intelligence official told Reuters it was too soon to know if the attack was strictly criminal in nature or if it had the backing of a foreign government.
Twitter users on Friday commented that customer service representatives were difficult to reach and either unhelpful or unaware that the breach had occurred.
Equifax handles data on more than 820 million consumers and 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.