Equifax, a credit agency, has admitted that data from 143 million of their customers may have been compromised in a breach in security earlier this year.
Residents of the United Kingdom, Canada, and the United States of America are among the customers whose details were accessed through a website application vulnerability.
The attack was determined to have run from the middle of May until the 29th of July, but the company has taken 40 days to notify their customers that their personal data were compromised.
Three of the senior executives of the company sold shares worth almost $1.80 million before the breach was disclosed publicly.
Bloomberg stated that at this point, they had not been notified regarding the incident.
In after-hours trading, the shares of the firm declined by 12.4% when the data breach was announced.
Names, birth dates, security numbers, addresses, and in some cases, driving license numbers were stolen, as well as the credit card numbers of more than 200,000 people.
Richard Smith, the company’s chief executive, stated: “This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do.
“I apologise to consumers and our business customers for the concern and frustration this causes.”
XSS vulnerabilities are common issues with web applications and can enable attackers to bypass access controls and view information that they do not have the authorization to access.
Equifax stated that it had reported the breach to US law enforcement, and would “work with UK and Canadian regulators to determine appropriate next steps.”
In 2016, the Information Commissioner’s Office (ICO), the UK regulator, fined TalkTalk a record £400,000 after insufficient security enabled hackers to have access to information belonging to more than 156,000 customers.
The number of UK consumers affected by the breach was not revealed by Equifax.
James Dipple-Johnstone, ICO Deputy Commissioner, informed Sky News that “Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern.
“We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised.
“We will be advising Equifax to alert affected UK customers at the earliest opportunity.
“In cyber attack cases that cross borders, the ICO is committed to working with relevant overseas authorities on behalf of UK citizens.”