Hackers had access to the data between May and July, Equifax said.
The Atlanta-based company, one of three major USA credit bureaus, said Thursday that "criminals" exploited a US website application to access files between mid-May and July of this year. As with several retailer data breaches that have occurred in recent years, Equifax did a poor job of letting the affected consumers know about the breach, what Equifax was doing about it and what actions consumers themselves should take. But the site provides responses even for bogus names and numbers (such as "Trump" and "123456"), leading to questions about its accuracy.
Notification that its monitoring services did not (and would not) improve the health or quality of your credit in any fashion. Democrats in the House and Senate called on the company to pull back that requirement.
He also said consumers can view their own credit reports free of charge once a year at www.AnnualCreditReport.com or by calling 1-877-322-8228. Criminals exploited a USA website application vulnerability to gain access to certain files.
The language has now been taken out of the agreement and consumers are free to pursue legal action against the credit reporting company. The first is freezing their credit.
Here's how to freeze your credit. On Friday, the company made an official statement responding its customer's inquiries.
In afternoon trading, Equifax shares were down $10.03, or 8.1 percent, at $113.20.
More Stock News: This Is Bigger than the iPhone! But what does freezing your credit entail, and how easy is it to do (and undo)? That restricts access to your credit information, which makes it more hard for hackers to open accounts in your name. (ANTM - Free Report) and Sony Corporation (SNE - Free Report) have also been victims of cyber attack, when fraudsters stole large number of consumer data.
It's important to place freezes at the major credit-reporting bureaus in order to halt scammers, which means consumers may need to shell out up to $30 for the service.
"Equifax carries cybersecurity, crime, general-liability and other lines of insurance, and we have begun discussions with our carriers regarding the incident", a spokesperson said by email Saturday, without commenting further.
The complaint also cites the fact that the company took more than a month before making the breach public and they were not able to disclose the reason why. The company has found no evidence that personal information of consumers in any other country has been impacted.
At least 24 federal lawsuits had been filed by Sunday in connection with the breach, which Equifax had publicly revealed three days earlier, and more were filed on Monday, court records show.
According to a study by the Consumer Financial Protection Bureau, only about 16 people per year win in arbitration against companies.
Equifax's ham-handed response is reviving calls to weed out mandatory arbitration from the finance industry.
Doug White, a cybersecurity professor at Roger Williams University, said that type of data could be used to develop more sophisticated phishing emails and scams. Sherrod Brown, D-Ohio, in a statement.
No matter how you slice it, that's an overwhelming amount of negative activity around Equifax's stock on a forward-looking basis.