Equifax on Monday said an investigation into the massive data breach at the credit agency discovered 2.5 million additional potential victims, bringing the total to 145.5 million.
Interim chief executive Paulino do Rego Barros, made the disclosure in a statement, saying: “Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.”
The statement said the cybersecurity firm Mandiant made the new estimate after a forensic review of the incident, which is believed to be one of the worst breaches because of the sensitivity of data leaked.
The review “also has concluded that there is no evidence the attackers accessed databases located outside of the United States,” the Equifax statement said.
Mandiant found that about 8,000 Canadian consumers were affected by the hack, fewer than the initial estimate of 100,000. The company said a review of the impact on British consumers was still being analyzed.
Separately on Monday, former Equifax chief executive officer Richard Smith said in testimony prepared for a congressional hearing that the security team at Equifax failed to patch a vulnerability in March after getting a warning about the flaw.
Smith offered a timeline of the cyberattack which leaked US Social Security numbers and other sensitive data.
Smith said in prepared remarks to a House of Representatives panel that the company on March 9 circulated an internal memo warning about a software flaw identified by the US government’s Computer Emergency Response Team.
He added that Equifax policy would have required a patch to be applied within 48 hours and that this was not done — but he could not explain why.
Equifax’s information security department ran scans that should have identified any systems that were vulnerable, but failed to identify any flaws in the software known as Apache Struts.
“I understand that Equifax’s investigation into these issues is ongoing,” he said in the statement. “The company knows, however, that it was this unpatched vulnerability that allowed hackers to access personal identifying information.”
Smith said he was notified of the breach on July 31, but was not aware “of the scope of this attack.”
He informed the company’s lead director three weeks later, on Aug. 22, and board meetings were held on the matter Aug. 24 and Aug. 25.
Equifax, one of the major agencies gathering data used in credit ratings for banks, has come under fire for waiting until Sept. 7 to publicly disclose the breach, and investigators are looking into stock sales by two senior executives in August.
Smith stepped down last week amid the investigation, while indicating he would remain in a consulting capacity during the investigation, which includes a congressional hearing scheduled for yesterday.
Smith offered a fresh apology for the attack, saying in his statement: “As CEO I was ultimately responsible for what happened on my watch. Equifax was entrusted with Americans’ private data and we let them down.”
Mercuries Life Insurance Co (三商美邦人壽) shares surged to a seven-month high this week after local media reported that E.Sun Financial Holding Co (玉山金控) had outbid CTBC Financial Holding Co (中信金控) in the financially strained insurer’s ongoing sale process. Shares of the mid-sized life insurer climbed 5.8 percent this week to NT$6.72, extending a nearly 18 percent rally over the past month, as investors bet on the likelihood of an impending takeover. The final round of bidding closed on Thursday, marking a critical step in the 32-year-old insurer’s search for a buyer after years of struggling to meet capital adequacy requirements. Local media reports
AI BOOST: Although Taiwan’s reliance on Chinese rare earth elements is limited, it could face indirect impacts from supply issues and price volatility, an economist said DBS Bank Ltd (星展銀行) has sharply raised its forecast for Taiwan’s economic growth this year to 5.6 percent, citing stronger-than-expected exports and investment linked to artificial intelligence (AI), as it said that the current momentum could peak soon. The acceleration of the global AI race has fueled a surge in Taiwan’s AI-related capital spending and exports of information and communications technology (ICT) products, which have been key drivers of growth this year. “We have revised our GDP forecast for Taiwan upward to 5.6 percent from 4 percent, an upgrade that mainly reflects stronger-than-expected AI-related exports and investment in the third
TECHNOLOGICAL RIVALRY: The artificial intelligence chip competition among multiple players would likely intensify over the next two years, a Quanta official said Quanta Computer Inc (廣達), which makes servers and laptops on a contract basis, yesterday said its shipments of artificial intelligence (AI) servers powered by Nvidia Corp’s GB300 chips have increased steadily since last month, should surpass those of the GB200 models this quarter. The production of GB300 servers has gone much more smoothly than that of the GB200, with shipments projected to increase sharply next month, Quanta executive vice president Mike Yang (楊麒令) said on the sidelines of a technology forum in Taipei. While orders for GB200 servers gradually decrease, the production transition between the two server models has been
ASE Technology Holding Co (日月光投控), the world’s largest integrated circuit (IC) packaging and testing supplier, yesterday announced a strategic collaboration with Analog Devices Inc (ADI), coupled with the signing of a binding memorandum of understanding. Under the agreement, ASE intends to purchase 100 percent shares of Analog Devices Sdn Bhd and acquire its manufacturing facility in Penang, Malaysia, a press release showed. The ADI Penang facility is located in the prime industrial hub of Bayan Lepas, with an area of over 680,000 square feet, it said. In addition, the two sides intend to enter into a long-term supply agreement for ASE to
RSS