Atlanta-based Equifax announced a day earlier that the sensitive information of 143 million Americans had been compromised after “criminals” exploited a U.S. website application to access files between mid-May and July of this year.
Schneiderman paired his formal-investigation announcement Friday tied together with a consumer alert, urging all New Yorkers to check with Equifax if their information was breached and to take additional measures to protect themselves from identity theft.
“The Equifax breach has potentially exposed sensitive personal information of nearly everyone with a credit report, and my office intends to get to the bottom of how and why this massive hack occurred,” the attorney general said in a statement.
Statistics that Schneiderman’s office published just this past March found that the personal records of 1.6 million New Yorkers were exposed by data breaches in 2016.
Schneiderman urged New Yorkers to take precautions when sharing and storing data online. “It’s on all of us to guard against those who try to use our personal information for harm – as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars,” he said in a statement.
The March study showed that there had been close to 1,300 reported data breaches in 2016 — a 60 percent rise in frequency, but a threefold increase in quantity of the public in exposed compared the previous year.
External hacking was the No. 1 cause of data breaches, according to the report, accounting for 40 percent of the figures, but another 37 percent were attributable to employee negligence, which consists of a combination of inadvertent exposure of records, insider wrongdoing, and the loss of a device or media.
Equifax reportedly waited more than a month to warn consumers Thursday, having discovered the hack on July 29. The Atlanta-based company has set up a special website for consumers to check if their personal information was compromised. Consumers can also call 866-447-7559 for more information.
Equifax said it has also engaged independent cybersecurity firm to conduct ongoing investigation into the breach.
“Once discovered, we acted immediately to stop the intrusion,” the company posted to Twitter.
Equifax claimed that it found no evidence of unauthorized activity on its core consumer or commercial credit-reporting databases, explaining that the breached data consisted primarily of names, Social Security numbers, birth dates and addresses. Driver’s license numbers were also compromised in certain isolated instances, the company said.
Besides all the personal information that was stolen in its breach, Equifax said the credit card numbers for about 209,000 U.S. consumers were also taken.
The first of what will likely be many class actions over the data breach was filed Friday in U.S. District Court in Portland, Oregon.
Representatives from Equifax did not immediately respond to request for comment on Schneiderman’s announcement and alert.