Equifax discovered the intrusion on July 29, but only 3 months the agency notified customers the incident (on September 7) that occurred between mid-May and late July. The breach affects roughly 143 million U.S. consumers and involves names, social security numbers, dates of birth, addresses and, in some cases, driver’s license numbers, credit card numbers and dispute documents.
Now security experts warn hackers are offering for sale the precious data and warned users to be vigilant on phishing attempts and scams.
The U.S. Federal Trade Commission (FTC) who is investigating the incident issued an alert regarding scam phone calls.
“Ring, ring. “This is Equifax calling to verify your account information.” Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.” states the alert issued by Equifax.
“That’s just one scam you might see after Equifax’s recent data breach. Other calls might try to trick you into giving your personal information.”
Shortly after the Equifax data breach was disclosed, various hackers started offering the data but without demonstrating to possess them.
Many websites appeared on the Tor network, in one case hackers set up a site to blackmail Equifax, they requested the payment of 600 bitcoin (roughly $2.7 million) to avoid the release of all the data, except the credit card numbers.
It was a hoax and once discovered the hackers closed the website.
“Shortly after this breach was made public, a darknet website had popped up claiming to be selling access to the Equifax data. The hackers claim that they did not anticipate receiving such a trove of data, and need to monetize the attack quickly. They state that they will release the entire data set on September 15th, 2017 (one week from the time of the writing). They are asking for 600 BTC, or ~$2.6 million USD.” reported the Weapons Grade Shinanigans.
— Catalin Cimpanu (@campuscodi) September 8, 2017
Recently a group calling itself Equihax started a crowdfunding to collect 600 bitcoin or 8,400 Ethereum to release the precious data, the hackers also offered 1 million data entries for 4 bitcoin ($12,500).
The hackers leaked the records of Donald Trump, Kim Kardashian, and Bill Gates to proof the authenticity of the data and shared many screenshots demonstrating the access to the Equifax system
Also in this case it was a scam and leaked data were already available online, while the screenshots were clearly forged.
It is easy to predict that other scam websites will emerge in the darknet offering the Equifax data.
(Security Affairs – data breach, cybercrime)