Almost two weeks after Equifax revealed that 143 million Americans' personal information was exposed in a data breach, the credit monitoring company has finally said how many Canadians were affected by the hack.
In a statement Tuesday, the company said about 100,000 Canadians had their private information exposed, including names, addresses, Social Insurance Numbers, and some credit card numbers. That's enough to put many people at risk of identity theft.
"We apologize to Canadian consumers who have been impacted by this incident," Equifax Canada President Lisa Nelson said. "We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need."
The company says it will send "notices via mail directly to all impacted consumers outlining the steps they should take."
Equifax is one of only two credit monitoring agencies in Canada, the other being TransUnion. Their credit scores can decide whether people can receive loans, credit cards, and other types of financial services. Some landlords also ask potential tenants for a credit report.
On Sept. 7, Equifax said criminals had gained access to millions of US customers' names, Social Security numbers, birthdates, addresses, some driver's license numbers, and more than 200,000 credit card numbers. The company would only say that some smaller number of UK and Canadian citizens had also been impacted, without providing further details or responding to questions from media outlets including BuzzFeed Canada.
The Canadian Automobile Association expressed frustration with Equifax's lack of transparency and notified about 10,000 customers last week that they may have been affected by the data breach through a partnership with Equifax that was meant to guard against identity theft.
"As of now, we have received no clear information from Equifax about the status of our members’ information and whether or not any of it was breached," the CAA notice read.
Concerns from Canadians also prompted the Office of the Privacy Commissioner to open an investigation into the company's data breach.
"The investigation is a priority for our office given the sensitivity of the personal information that Equifax holds," the office said.
This hack, one of the largest data breaches ever, has led to strong criticism of the Atlanta-based company over how it handles millions of customers' most sensitive personal information. The software vulnerability that hackers used to gain access to Equifax's systems was made public in March, along with a software patch that would fix it. Equifax has said the breach on its site occurred in May, suggesting it failed to update its systems for at least two months.
The company's chief information officer and chief security officer have left the company since the revelations, although their departures were characterized as "retirements."
According to Bloomberg, Equifax may also have been hacked in a separate attack about five months before it revealed anything to the public.
This article has been updated with more information from Equifax.
Ishmael N. Daro is a reporter for BuzzFeed News and is based in Toronto. PGP fingerprint: 5A1D 9099 3497 DA4B
Contact Ishmael N. Daro at email@example.com.
Got a confidential tip? Submit it here.