Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company’s systems in Canada were not compromised.
Equifax Canada said the company’s investigation is still ongoing, but it believes the incident affects approximately 100,000 Canadians. Similar to the United States, the exposed information includes names, addresses, social insurance numbers, and, in some cases, credit card numbers.
“Equifax Canada can confirm that Canadian systems are not affected. We have found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. Equifax Canada systems and platforms are entirely separated from those impacted by the Equifax Inc. cybersecurity incident widely reported in the U.S.,” the company said.
Impacted individuals will be notified via mail and they will be offered credit monitoring and identity theft protection services for one year at no charge.
Equifax said it notified MasterCard and Visa about the payment cards compromised in the breach. The company has also informed the Privacy Commissioner of Canada (OPC), the Commissioners in Alberta, British Columbia, and Quebec, and consumer reporting registrars in Ontario, Alberta and Saskatchewan.
While the number of individuals affected by the breach in Canada has only now come to light, some Canadian consumers launched a class action lawsuit within a week of disclosure. The initiators of the suit are seeking damages of $550 billion CAD ($450 billion US).
Equifax said cybercriminals had access to its U.S. systems between mid-May and late July after leveraging an Apache Struts 2 vulnerability that had been exploited in the wild since March.
The company said the breach affects roughly 143 million U.S. consumers and 400,000 customers in the United Kingdom. In the case of the U.K., the credit reporting agency revealed that the data was stored on U.S. systems between 2011 and 2016 due to a “process failure.” No such explanation has been provided by Equifax Canada.
Equifax stock has dropped from roughly $140 to just over $90 following the breach and experts believe it could plunge as low as $50. The incident has already cost the company nearly $10 billion in market value.
The company’s Chief Security Officer and Chief Information Officer retired after the hack came to light.
In the United States, the Federal Trade Commission (FTC), congressional committees, and the Attorneys General in 40 states have announced the launch of investigations into the Equifax breach.
Related: Industry Reactions to Equifax Hack
Related: Equifax Cybersecurity Failings Revealed Following Breach
