ATLANTA—The massive Equifax breach didn’t compromise just personal information such as names, addresses and birth dates–the hack exposed more than 200,000 credit cards, Visa and Mastercard are reporting.
The news comes at the same time Equifax has announced its chief information officer, Dave Webb, and chief security officer, Susan Mauldin, are “retiring” in the wake of the breach.
According to KrebsOnSecurity, Visa and Mastercard are saying that crooks stole card account numbers, expiration dates and cardholders' names.
According to non-public alerts sent to certain issuers by the two major payments networks, the card data was breached between Nov. 10, 2016, through July 6, 2017, which conflicts with an Equifax statement that says accounts were all stolen at once in mid-May.
“It would be tempting to conclude from these alerts that the card breach at Equifax dates back to November 2016, and that perhaps the intruders then managed to install software capable of capturing customer credit card data in real-time as it was entered on one of Equifax’s Web sites,” said Brian Krebs on his website. “Indeed, that was my initial hunch in deciding to report out this story. But according to a statement from Equifax, the hacker(s) downloaded the data in one fell swoop in mid-May 2017.”
The company said Friday that its internal investigation is "still ongoing," and that the company "continues to work closely with the FBI in its investigation."