Personal information of over 140 million US citizens has been leaking for a month

Equifax, the oldest credit bureau in the US has announced a data leak that has been present since mid-May, only discovered and shut down on July 29th.

The data leak reported directly by the company’s Twitter account states that the leak exposed private information (including social security numbers, addresses, birth dates, and driver’s license numbers) concerning 143 million US consumers.

In addition, credit card information for 209,000 US citizens was among the data leaked, along with an unidentified number of UK and Canadian citizens.

“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith.

Due to the sensitive nature of the information leaked, the incident dwarfs prior cyber attacks, including the breach into Yahoo that leaked information on 1.5 billion users, as well as the eBay hack that leaked sensitive information on 145 million users.

In response, the company set up EquifaxSecurity2017 to help the affected users protect themselves from fraud and identity theft. In the meantime, the bureau is working with regulators in the UK and Canada to avoid further repercussions from the incident

“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident,” said Smith.

While the company claims to be doing everything possible to fix the situation- the hack had been discovered over a month ago and decided to keep the news from users.

Considering the amount of potential damage that could result from giving the hackers a whole month before warning the victims, it will take more than an apology and free identity theft support to repair the damage.