For Questions or to Enroll - Call us at (800) 948-0498
This website contains affiliate links, and we may earn a commission

This website contains affiliate links, and we may earn a commission on purchases made through these links. Any commissions earned help support our work in providing valuable content. Please note that LifeLock is not responsible for the content or claims made on this website. We strive for accuracy, but all opinions and recommendations are our own.

Back to Blog

Equifax data breach. When it happened and what were the impacts

January 16, 2025
Ryan Rudd

The Equifax data breach, one of the largest and most significant cybersecurity incidents in history, occurred in 2017. Here’s a detailed look at what happened and its widespread impacts:

When It Happened

  • Discovery Date: July 29, 2017
  • Public Disclosure: September 7, 2017
  • The breach had actually started months earlier, around mid-May 2017, but went undetected for several weeks.

What Happened

  • Hackers exploited a vulnerability in Apache Struts, an open-source web application framework used by Equifax.
  • This vulnerability, which had a known patch available, was not applied in time, leaving the system exposed.
  • As a result, cybercriminals gained unauthorized access to Equifax’s databases.

Scope of the Breach

  • Personal information of 147 million individuals in the United States was compromised.
  • Data exposed included:
    • Social Security Numbers: 145.5 million people
    • Birth Dates
    • Addresses
    • Driver’s License Numbers
    • Credit Card Numbers: 209,000 people
    • Dispute Documents with personal identifying information for 182,000 individuals.

Impacts

1. Financial Consequences

  • Equifax agreed to a $700 million settlement with the Federal Trade Commission (FTC), state governments, and consumers.
    • $425 million was allocated to a restitution fund for affected consumers.
  • Victims faced costs related to monitoring credit, freezing credit reports, and dealing with fraud.

2. Widespread Identity Theft Risks

  • The stolen data was highly sensitive and evergreen, meaning it could be used for fraud years later.
  • Victims were vulnerable to:
    • Credit fraud: Opening of unauthorized accounts and loans.
    • Tax fraud: Filing fraudulent tax returns to claim refunds.
    • Employment fraud: Using stolen identities for illegal employment.

3. Loss of Trust

  • Equifax, a credit reporting agency trusted to safeguard consumer data, suffered a significant blow to its reputation.
  • Consumers became increasingly skeptical about how their personal data was being handled by corporations.

4. Legislative and Regulatory Changes

  • The breach sparked discussions about stricter data privacy and cybersecurity regulations.
  • It prompted the introduction of laws like the California Consumer Privacy Act (CCPA) and reinforced the need for compliance with regulations like the General Data Protection Regulation (GDPR).

5. Long-Term Monitoring

  • Many victims were forced to invest in credit monitoring and identity theft protection services for years following the breach.

Lessons Learned

The Equifax breach highlighted the critical need for:

  • Regular and timely application of security patches.
  • Enhanced oversight and accountability in handling consumer data.
  • Increased awareness among consumers about identity theft risks and prevention.

The incident remains a cautionary tale of how cybersecurity negligence can lead to catastrophic consequences for both companies and individuals.