Cybersecurity Incident & Important Consumer Information
On September 7, 2017 Equifax Inc., our U.S. parent company, announced a cybersecurity incident. On October 2, 2017 we announced we completed our investigation into the incident. With respect to potentially impacted Canadian citizens, we shared in a news release on October 2 and with customers the same week that personal information of approximately 8,000 Canadian consumers was impacted. Also, it was determined that an additional 11,670 credit card numbers of Canadian consumers may have been impacted.
Equifax Inc. learned of the incident on July 29, 2017, and acted immediately to stop the intrusion and conduct a forensic review. During that review, we identified unauthorized access to limited personal information for certain Canadian consumers. Based on our investigation, the unauthorized access occurred from mid-May through July 2017.
The potentially impacted information includes names, addresses, Social Insurance Numbers and credit card numbers. Other potentially impacted information includes login credentials for our direct-to-consumer website, such as username and password, and secret question/answer, which we believe are several years old.
Equifax Canada systems were not affected. We found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. Equifax Canada systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident.
This issue has been contained and Equifax notified impacted Canadians by mail in 2017 and offered them 12 months of free credit monitoring and identity theft protection. In 2018, we extended this free service for an additional 12 months to those impacted consumers who availed our offer. In addition to credit monitoring and identity theft protection offered directly to consumers, Equifax Canada continues to invest heavily in our infrastructure, including significant recent efforts to further secure our data from unauthorized access.