Approximately 100,000 Canadians have been impacted by a major Equifax cybersecurity breach.
According to the company, cyber criminals exploited a US website application vulnerability to gain access to certain files, and based on Equifax’s investigation, the unauthorized access occurred from mid-May through July 2017.
While it was originally thought that the incident was limited to US consumers, Equifax discovered before announcing news of the breach on September 7 that Canadian and UK consumers were also impacted.
The Canadian investigation is ongoing, but involves potential access to Canadian consumers’ names, addresses, Social Insurance Numbers, and credit card information.
“We apologize to Canadian consumers who have been impacted by this incident,” said Lisa Nelson, president and general manager, Equifax Canada, in a release. “We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need.”
Equifax has reported the criminal access to law enforcement and continues to work with authorities. In Canada, the company is working in close coordination with Equifax Inc. and the independent cybersecurity firm in conducting the ongoing investigation. It has also been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take.
We recently discovered a cybersecurity incident involving consumer information. Once discovered, we acted immediately to stop the intrusion.
— Equifax Inc. (@Equifax) September 7, 2017
For Canadians impacted by the breach, the company will be providing complimentary credit monitoring and identity theft protection for 12 months.
Equifax will be updating its website to provide information for Canadians to understand the incident and the company’s response.