subscribe to our newsletter

Equifax Australia ‘not compromised’ by security breach

The Australian and New Zealand arms of credit reporting agency Equifax has reassured industry that it was not affected by the recent cyber security incident in the US.

Earlier this month, US-based company Equifax Inc. announced a cyber security incident that could have impacted up to 143 million consumers.

According to the company, “criminals exploited a US website application vulnerability to gain access to certain files”.

The company has since revealed that there were occurrences of “unauthorised access” from mid-May through July 2017 due to an attack vector in a “vulnerability” in the Apache Struts (CVE-2017-5638) web application, an open-source application framework that supports the Equifax online dispute portal web application.

The vulnerability was patched and brought online; however, the company found that the incident could potentially involve the names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers of up to 143 million US consumers. 


In addition, credit card numbers for approximately 209,000 US consumers, and certain dispute documents with personal identifying information for approximately 182,000 American consumers, were accessed.

The breach also involved “unauthorised access to limited personal information for certain UK and Canadian residents”.

There was no evidence found of unauthorised activity on Equifax's core consumer or commercial credit reporting databases.

Equifax has been working with an independent cyber security firm to determine the scope of the intrusion, including the specific data impacted, and is working with authorities to find those responsible for the “criminal access”.

The company operates or has investments in 24 countries. It also owns verification of identity service ZipID in Australia.


However, the company has emphasised that there has been no evidence found of personal information of consumers in any other countries, including Australia and New Zealand, being accessed.

A spokesperson told Mortgage Business: “Equifax Australia and Equifax New Zealand systems were not compromised by the recent cyber security incident in the US. 

“The Equifax US web server that was targeted is not a component of the Equifax Australia or Equifax New Zealand infrastructure, and Equifax has found no evidence that the US cyber security incident impacted personal information of consumers in Australia or New Zealand."

Speaking of the incident in the US earlier this month, Equifax chairman and chief executive officer Richard F. Smith said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes.

"We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all US consumers, regardless of whether they were impacted by this incident."

He continued: "I've told our entire team that our goal can't be simply to fix the problem and move on. Confronting cyber security risks is a daily fight. While we've made significant investments in data security, we recognise we must do more. And we will."

The company has since announced that its chief information officer, David Webb, and chief security officer, Susan Mauldin, are retiring. 

Mark Rohrwasser, who has led Equifax's international IT operations since 2016, has been appointed interim chief information officer. 

The vice president of the IT organisation at Equifax, Russ Ayres, has been appointed interim chief security officer.

Equifax's internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation.

[Related: Focus on cyber security from the start]

Equifax Australia ‘not compromised’ by security breach

Are you a new-to-industry broker in the process of growing your business? Then there’s some great news: The Adviser’s New Broker Academy is back in 2021 and will provide you with essential insights into cutting-edge tools, strategies and processes to fast-track to success. Don’t miss your chance to attend. To secure your FREE place, visit newbroker.com.au now!

Annie Kane

Annie Kane is the editor of The Adviser and Mortgage Business.

As well as writing about the Australian broking industry, the mortgage market, financial regulation, fintechs and the wider lending landscape – Annie is also the host of the Elite Broker and In Focus podcasts and The Adviser Live webcasts. 

Contact Annie at: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest News

The IMF has urged Australia to consider reforms around housing supply and lending standards, citing apprehension around the upsurge in prope...

Treasurer Josh Frydenberg has backed the net-zero emissions by 2050 target, warning failure to comply will hurt banks’ access to capital a...

The regulator is set to release information setting out how it would use macroprudential policy tools, after expressing concerns around the ...

Join Australia's most informed brokers

Do you know which lenders are providing brokers and their customers with the best service?

Use this monthly data to make informed decisions about which lenders to use. Simply contribute to the survey and we'll send you the results directly to your inbox - completely free!

How long do you think it should take to discharge a mortgage?

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.