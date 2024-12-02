Both card schemes frequently send alerts to card-issuing financial institutions with information about specific credit and debit cards that may have been compromised in a recent breach. However, it is unusual for these alerts to state from which company the accounts were thought to have been stolen.

In this case, however, Visa and MasterCard referred directly to Equifax specifically as the source of an ecommerce card breach. The companies said the data elements stolen included card account number, expiration date, and the cardholder’s name. Fraudsters can use this information to conduct ecommerce fraud at online merchants. Visa has updated their advisory about these over 200,000 credit cards stolen in the Equifax breach, and it believes the records also included the cardholder’s Social Security number and address.

In an update to its breach disclosure, Equifax confirmed reports that the application flaw in question was a weakness disclosed in March 2017 in a popular open-source software package called Apache Struts (CVE-2017-5638), according to Brian Krebs.

Meanwhile, one week after publicly revealing the large data breach, the credit-reporting agency has unveiled more details of just how many people are affected in the UK. A statement posted on Equifax’s UK website confirmed that around 400,000 UK citizens have been affected by the data breach.

On Friday, September 15, Credit Karma, a San Francisco-based fintech company, has announced plans to launch a new free service that will alert customers if their identity data has been compromised in hacks. The new ID monitoring service is being tested and will be available in October 2017. Similar to services offered by Symantec-owned LifeLock, the fintech will keep track of data breaches and tell customers if they are one of the victims. Customers can then check to use the company’s credit monitoring services and flag suspicious activities.