Equifax : Releases Details on Cybersecurity Incident, Announces Personnel Changes

September 15, 2017 at 05:42 pm

ATLANTA, Sept. 15, 2017 /PRNewswire/ -- As part of the company's ongoing review of the cybersecurity incident announced September 7, 2017, Equifax Inc. (NYSE: EFX) today made personnel changes and released additional information regarding its preliminary findings about the incident.

http://photos.prnewswire.com/prnvar/20060224/CLF037LOGO

The company announced that the Chief Information Officer and Chief Security Officer are retiring. Mark Rohrwasser has been appointed interim Chief Information Officer. Mr. Rohrwasser joined Equifax in 2016 and has led Equifax's International IT operations since that time. Russ Ayres has been appointed interim Chief Security Officer. Mr. Ayres most recently served as a Vice President in the IT organization at Equifax. He will report directly to the Chief Information Officer. The personnel changes are effective immediately.

Equifax's internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation.

Specific Details of Incident:


    --  On July 29, 2017, Equifax's Security team observed suspicious network
        traffic associated with its U.S. online dispute portal web application.
        In response, the Security team investigated and blocked the suspicious
        traffic that was identified.
    --  The Security team continued to monitor network traffic and observed
        additional suspicious activity on July 30, 2017. In response, the
        company took offline the affected web application that day.
    --  The company's internal review of the incident continued. Upon
        discovering a vulnerability in the Apache Struts web application
        framework as the initial attack vector, Equifax patched the affected web
        application before bringing it back online.
    --  On August 2, 2017, Equifax contacted a leading, independent
        cybersecurity firm, Mandiant, to assist in conducting a privileged,
        comprehensive forensic review to determine the scope of the intrusion,
        including the specific data impacted.
    --  Over several weeks, Mandiant analyzed available forensic data to
        identify unauthorized activity on the network.
    --  The incident potentially impacts personal information relating to 143
        million U.S. consumers - primarily names, Social Security numbers, birth
        dates, addresses and, in some instances, driver's license numbers.
        --  In addition, credit card numbers for approximately 209,000 U.S.
            consumers, and certain dispute documents with personal identifying
            information for approximately 182,000 U.S. consumers, were accessed.
        --  Equifax also identified unauthorized access to limited personal
            information for certain U.K. and Canadian residents and is working
            with regulators in those countries.
    --  With respect to the company's security posture, Equifax has taken
        short-term remediation steps, and Equifax continues to implement and
        accelerate long-term security improvements.

Questions Regarding Apache Struts:


    --  The attack vector used in this incident occurred through a vulnerability
        in Apache Struts (CVE-2017-5638), an open-source application framework
        that supports the Equifax online dispute portal web application.
    --  Based on the company's investigation, Equifax believes the unauthorized
        accesses to certain files containing personal information occurred from
        May 13 through July 30, 2017.
    --  The particular vulnerability in Apache Struts was identified and
        disclosed by U.S. CERT in early March 2017.
    --  Equifax's Security organization was aware of this vulnerability at that
        time, and took efforts to identify and to patch any vulnerable systems
        in the company's IT infrastructure.
    --  While Equifax fully understands the intense focus on patching efforts,
        the company's review of the facts is still ongoing. The company will
        release additional information when available.

Overview of Consumer Support Response and Recent Developments

The company is fully committed to proactively supporting consumers who may have been impacted by the cybersecurity incident. A timeline of our response includes:


    --  The company worked diligently with Mandiant to determine what
        information was accessed and identify the potentially impacted consumers
        in order to make an appropriate public disclosure of the incident.
    --  As soon as the company understood the potentially impacted population, a
        comprehensive support package was rolled out to consumers on September
        7, 2017.
    --  Equifax took the following steps:
        --  Created a dedicated website where consumers could understand whether
            they were impacted, find out more information about the incident and
            learn how to protect themselves.
        --  The company offered free credit file monitoring and identity theft
            protection to all U.S. consumers, regardless of whether they were
            definitively impacted.
            --  TrustedID Premier includes 3-Bureau credit monitoring of
                Equifax, Experian, and TransUnion credit reports; copies of
                Equifax credit reports; the ability to lock and unlock Equifax
                credit reports; identity theft insurance; and Internet scanning
                for Social Security numbers.
        --  The company has also set up a dedicated call center to assist
            consumers with questions and signing up for the free offering and
            has continued to ramp up the call center to reduce wait times.
    --  Equifax also provided written notification to all U.S. State Attorneys
        General and contacted other federal regulators.
    --  Since the announcement, Equifax has taken additional actions including:
        --  Providing a more prominent and clear link from the main
            www.equifax.com website to the cybersecurity incident website
            www.equifaxsecurity2017.com, so that consumers can quickly and
            easily find the information they need.
        --  Tripling the call center team and continuing to add agents, despite
            facing some difficulty due to Hurricane Irma.
        --  Resolving issues with the impact look-up tool.
        --  Addressing confusion concerning the arbitration and class-action
            waiver clauses included in the Terms of Use applicable to the
            product:
            --  The company never intended for these clauses to apply to this
                cybersecurity incident.
            --  Because of consumer concern, the company clarified that those
                clauses do not apply to this cybersecurity incident or to the
                complimentary TrustedID Premier offering.
            --  The company clarified that the clauses will not apply to
                consumers who signed up before the language was removed.
        --  Clarifying that no credit card information is required to sign up
            for the product and that consumers will not be automatically
            enrolled or charged after the conclusion of the complimentary year.
        --  Making changes to address consumer concerns regarding security
            freezes:
            --  The company clarified that consumers placing a security freeze
                will be provided a randomly generated PIN.
            --  The company continues to work on technical difficulties related
                to the high volume of security freeze requests.
            --  Consumers who paid for a security freeze starting at 5pm EST on
                September 7, 2017 will receive a refund.
            --  The company agreed to waive fees for removing and placing
                security freezes through November 21, 2017.

About Equifax

Equifax is a global information solutions company that uses trusted unique data, innovative analytics, technology and industry expertise to power organizations and individuals around the world by transforming knowledge into insights that help make more informed business and personal decisions. The company organizes, assimilates and analyzes data on more than 820 million consumers and more than 91 million businesses worldwide, and its database includes employee data contributed from more than 7,100 employers.

Headquartered in Atlanta, Ga., Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor's (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 9,900 employees worldwide.

FOR MORE INFORMATION
1550 Peachtree Street, NE
Atlanta, Georgia 30309

Media Relations
MediaInquiries@Equifax.com

View original content:http://www.prnewswire.com/news-releases/equifax-releases-details-on-cybersecurity-incident-announces-personnel-changes-300520691.html

SOURCE Equifax Inc.

	1st Jan change	Capi.
EQUIFAX INC.	+0.59%	30.75B
S&P GLOBAL, INC.	+0.31%	138B
THOMSON REUTERS CORPORATION	+20.13%	77.06B
MSCI, INC.	-10.66%	40.03B
WOLTERS KLUWER N.V.	+13.91%	37.98B
FACTSET RESEARCH SYSTEMS, INC.	-5.91%	17.11B
TRANSUNION	+13.10%	15.1B
COMPUTERSHARE LIMITED	+9.23%	10.57B
DUN & BRADSTREET HOLDINGS, INC.	-8.97%	4.71B
GLOBALDATA PLC	+18.62%	2.38B

1st Jan change

Capi.

EQUIFAX INC.

+0.59%

30.75B

S&P GLOBAL, INC.

+0.31%

138B

THOMSON REUTERS CORPORATION

+20.13%

77.06B

MSCI, INC.

-10.66%

40.03B

WOLTERS KLUWER N.V.

+13.91%

37.98B

FACTSET RESEARCH SYSTEMS, INC.

-5.91%

17.11B

TRANSUNION

+13.10%

15.1B

COMPUTERSHARE LIMITED

+9.23%

10.57B

DUN & BRADSTREET HOLDINGS, INC.

-8.97%

4.71B

GLOBALDATA PLC

+18.62%

2.38B

Market Closed - Nyse Other stock markets 16:00:02 2024-05-17 EDT			5-day change	1st Jan Change
248.8 ^USD	-0.48%		+2.96%	+0.59%

05-13	The momentum keeps going
05-13	CIBC Capital Initiates Equifax With Neutral Rating, Price Target is $6	MT

The momentum keeps going	05-13
CIBC Capital Initiates Equifax With Neutral Rating, Price Target is $6	05-13	MT
ANALYST RECOMMENDATIONS : Cisco, Delta Air Lines, Mastercard, Visa, Anglo American...	05-13
Transcript : Equifax Inc. Presents at Barclays Americas Select Franchise Conference 2024, May-07-2024 09:45 AM	05-07
Equifax Announces Executive Changes	05-06	CI
Equifax Elects Barbara Larson to the Board of Directors	05-02	CI
Equifax Maintains Quarterly Dividend at $0.39 Per Share; Payable June 14 to Shareholders of Record on May 24	05-02	MT
Equifax Declares Quarterly Dividend, Payable on June 14, 2024	05-02	CI
Equifax Insider Sold Shares Worth $3,178,115, According to a Recent SEC Filing	04-30	MT
Equifax Insider Sold Shares Worth $13,143,490, According to a Recent SEC Filing	04-30	MT
Big tech saves the day, again	04-29
Redburn Adjusts Price Target on Equifax to $267 From $274	04-29	MT
ANALYST RECOMMENDATIONS : Apple, Alphabet, AT&T, Equifax, Darktrace...	04-29
Citigroup Adjusts Price Target on Equifax to $263 From $305	04-25	MT
Nuvo Enhances Credit Application Software with Equifax Commercial Credit Information	04-24	CI
Equifax Workforce Solutions Launches Forms HQ, Expanding the PeopleHQ? Portal	04-24	CI
BNP Paribas Exane Lowers Equifax Price Target to $224 from $235	04-19	MT
Deutsche Bank Adjusts Price Target on Equifax to $252 From $267	04-19	MT
Goldman Sachs Adjusts Equifax Price Target to $241 From $276	04-19	MT
Oppenheimer Adjusts Equifax Price Target to $272 From $291, Maintains Outperform Rating	04-19	MT
Stifel Nicolaus Adjusts Equifax Price Target to $265 From $295	04-19	MT
Baird Adjusts Equifax Price Target to $260 From $275	04-19	MT
JPMorgan Adjusts Equifax's Price Target to $273 From $290, Maintains Overweight Rating	04-19	MT
Morgan Stanley Adjusts Equifax's Price Target to $240 From $225, Keeps Equalweight Rating	04-19	MT
Fed Officials' Remarks, Corporate Earnings Leave Equities Mixed	04-18	MT

Equifax Inc.

Equities

EFX

US2944291051

Professional Information Services

Equifax : Releases Details on Cybersecurity Incident, Announces Personnel Changes

Latest news about Equifax Inc.

Chart Equifax Inc.

Company Profile

Income Statement Evolution

Ratings for Equifax Inc.

Analysts' Consensus

EPS Revisions

Quarterly earnings - Rate of surprise

Sector Other Professional Information Services