Credit reporting agency Equifax is facing a class-action lawsuit seeking up to $70 billion in damages after nearly half of the US population fell victim to a massive cyber fraud.
Democratic Senator Tammy Baldwin from Wisconsin requested the Senate Commerce Committee to hold a hearing on the Equifax hack which exposed the personal data of 143 million US citizens, New York Post reported late on Friday.
Equifax earlier said in a statement that hackers exploited a vulnerability in the company’s website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers.
Approximately 209,000 consumers’ credit card numbers and 182,000 consumers’ dispute documents with personal identifying information were also part of the breach.
Lawyers for Mary McHill and Brook Reinhard, who had their personal information stored by the company, filed a complaint in the Oregon federal court against Equifax, seeking up to $70 billion in damages, vanityfair reported.
Equifax discovered the breach on July 29 but alerted the people only on September 7 after three senior executives sold shares worth almost $1.8 million.
Equifax is one of the business customers of AT&T.
AT&T said its security team has been assessing Equifax’s data breach since it was announced. There was no breach of AT&T systems or the data. Perpetrators targeted only Equifax systems.
“We understand that the impacts include current and former consumer and business customers of AT&T. Current and former customers of AT&T should visit www.equifaxsecurity2017.com to confirm if they are potentially affected and to sign up for credit file monitoring and identity theft protection,” AT&T said.
“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes,” said Equifax chairman and CEO Richard F Smith.
Equifax identified unauthorized access to limited personal information of certain UK and Canadian residents as part of its investigation into the application vulnerability.
The company has created a dedicated website — www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.
The company will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.
Equifax was also contacting US state and federal regulators and has sent written notifications to all state attorneys general, which includes company’s contact information for regulator inquiries.