It’s believed millions of people’s social security numbers, birthdates and addresses have been stolen by hackers in the Equifax breach, so why not throw in credit cards too?
The latest news in the massive hack is that more than 200,000 Mastercard and Visa credit card accounts were reportedly stolen in one swoop, according to security expert Brian Krebs. Apparently, Visa and Mastercard have sent confidential alerts to financial institutions across the US warning them of the possible theft due to the breach. And Equifax has reportedly said they were all stolen at the same time.
Equifax, Visa and Mastercard didn’t immediately respond to request for comment.
As many as 143 million people are thought to have been a record 1 billion accounts., that’s half of the US population. The breach is particularly potent because Equifax, a credit-reporting firm, holds such a large amount of people’s sensitive information. It’s among the largest hacks in US history and the biggest known leak of 2017. In 2013, Yahoo is said to have lost data on roughly
Equifax learned about the breach on July 29 but didn’t reveal it for more than a month. The firm already said that hackers stole credit card numbers of about 209,000 people and also got documents with personal information on 182,000 victims. But, until now, credit card companies have been mostly quiet about the breach.
While Visa and Mastercard commonly tell possible victims and institutions their cards may be compromised, it’s unusual for the companies to reveal what firm they believe the accounts were stolen from.
In it’s alert, Visa reportedly said the credit cards accounts may have been stolen sometime between November 10, 2016, and July, 6, 2017, according to Krebs. Equifax, however, reportedly says the accounts were stolen all at the same time in mid-May 2017.
“The attacker accessed a storage table that contained historical credit card transaction related information,” Equifax said, according to Krebs . “The dates that you provided in your e-mail appear to be the transaction dates. We have found no evidence during our investigation to indicate the presence of card harvesting malware, or access to the table before mid-May 2017.”