We’re constantly learning new things about the massive Equifax data breach, including its actual cause, that it affected people all over the world, and that the Federal Trade Commission is investigating. Let’s back up, though, and remember something important: Along with the millions of Social Security and driver’s license numbers, 200,000 customer credit card numbers were taken too.
Krebs on Security obtained a confidential alert that Visa and MasterCard sent to financial institutions, and the alert is pretty specific.
Fraud alerts that go out to banks and other financial institutions after a payment data breach usually have incomplete information and can’t name specific customers, but for cards that the Equifax hackers took, the networks had more detail than that.
The credit card networks know which customers’ cards were breached and shared that information with banks. They also were able to confirm the source that the numbers were taken from, Equifax.
It’s easy to skip over a mere 200,000 credit card numbers when the ingredients to commit identity theft on half of all American adults were also taken. However, the hackers were able to obtain card numbers and expiration dates as well as users’ names, which is enough information to create a magnetic stripe cloned card or place fraudulent orders from some websites.
Equifax estimates that the hackers downloaded the credit card data sometime in mid-May of 2017, and the company didn’t discover the breach until the end of July 2017.