Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.
A Jacksonville, Florida, woman received a call last month that appeared to be from the HHS Office of Inspector General’s (OIG) hotline. The caller told her that she had won a $9,000 grant from the federal government and all she had to do was either wire $250 to him through Western Union or give him the confirmation code for a $250 iTunes gift card. The man also wanted her to confirm her name, address and some other personal facts. She became suspicious and eventually ended the call.
The Jacksonville woman may not have sent money, but she was scammed into confirming and giving out personal information that could be used to steal money from her bank account or for other fraudulent activity.
She wasn’t alone. The OIG hotline phone number for reporting fraud —1-800-HHS-TIPS (1-800-447-8477) — had been spoofed, a malicious practice of making a phone number appear on caller ID to be legitimate in order to obtain confidential information. Thousands of calls using the spoofed number were made to people across the nation, although only a handful of people have apparently sent money to the perpetrators, said Thomas O’Donnell, Assistant Inspector General for Investigations at HHS. One criminal case is underway and two people are under investigation.
Click here to read the full story and learn tips on how to protect yourself from these types of attacks.
The National Credit Union Administration warned today after receiving numerous inquiries from consumers.
There are many versions of a fake check scam. However, the result is the same. Scammers lure consumers into depositing a cashier’s check, money order, or other checking instrument from someone that they don’t know and wiring or sending money to the scammers.
A check may take considerably longer to clear the financial institution that issued it before the funds can be collected. It could take days or even weeks to discover that the deposited check was fraudulent.
If you think you or someone you know was the victim of a fake check scam, consider taking the following steps:
- Contact your local law enforcement agency to report the scam.
- Contact your state’s attorney general. Contact information for each state’s attorney general can be found on the National Association of Attorneys General website.
- File a complaint with the Federal Trade Commission. Your complaint will be filed into a secure online database, which is used by many local, state, federal, and international law enforcement agencies. Complaints from consumers help detect patterns of fraud and abuse.
- If you or the victim is an older adult or a person with a disability, contact your local adult protective services agency. You can find local support resources using the online Eldercare Locator or by calling 1-800-677-1116.
The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.
The message reads: “National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445.”
This is not a communication from NCUA. The agency does not seek personal information through the internet or on the telephone.
Please contact NCUA's Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting your credit union and local law enforcement.