US data breach: $70 billion lawsuit filed against Equifax, probe urged

As nearly half of the US population fell victim to a massive cyber fraud at credit reporting agency Equifax, a Democratic Senator has called for a probe while a class-action lawsuit seeking up to $70 billion in damages has been filed against the company.

Senator Tammy Baldwin from Wisconsin requested the Senate Commerce Committee to hold a hearing on the Equifax hack which exposed the sensitive personal data of 143 million US citizens, New York Post reported late on Friday.

Hackers exploited a vulnerability in the company's website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver's license numbers, Equifax earlier said in a statement.

The breach also included credit card numbers of approximately 209,000 consumers and certain dispute documents with personal identifying information of approximately 182,000 consumers.

"I write today to urge you to hold a hearing on an issue impacting the lives of millions of Americans -- the recently reported data breach at Equifax, one the nation's largest consumer credit reporting agencies," Baldwin wrote to the committee.

The US House Financial Services Committee has also announced to hold a hearing regarding the huge data breach.

Meanwhile, lawyers for Mary McHill and Brook Reinhard, who had their personal information stored by the company, filed a complaint in the Oregon federal court against Equifax, seeking up to $70 billion in damages, vanityfair reported.

Equifax discovered the breach on July 29 but alerted the people only on September 7 after three senior executives sold shares worth almost $1.8 million, the report added.

"This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes," Chairman and CEO Richard F Smith said in the company statement.

As part of its investigation into the application vulnerability, Equifax also identified unauthorised access to limited personal information of certain UK and Canadian residents.

According to media reports, Equifax has been slammed by customers and security experts for an inadequate response to the data breach.

After the company made the data breach public, Equifax's stock fell by more than 14 per cent.

In its efforts to mitigate damages, the company has created a dedicated website -- www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.

The company has said that it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

Equifax was also contacting US state and federal regulators and has sent written notifications to all state attorneys general, which includes company's contact information for regulator inquiries.