Read the full report here.
• Entirely preventable. Equifax failed to fully appreciate and mitigate its cybersecurity risks. Had the company taken action to address its observable security issues, the data breach could have been prevented.
As one of the largest consumer reporting agencies in the United States, Equifax has a heightened responsibility to protect consumer data. The government also plays a key role in partnering with the private sector to prevent and mitigate cyberattacks.
• On September 7, 2017, Equifax announced a cybersecurity incident affecting 143 million consumers. This number eventually grew to 148 million – nearly half the U.S. population and 56 percent of American adults.