The Stolen Equifax Data Has Never Been Found, Experts Suspect a Spy Scheme

An anonymous reader quotes a report from CNBC: On September 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyber-attack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S. It was the consumer data security scandal of the decade. The information included social security numbers, driver’s license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared. Completely.

CNBC talked to eight experts, including data “hunters” who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen. But none of them knows where the data is now. It’s never appeared on any hundreds of underground websites selling stolen information. Security experts haven’t seen the data used for in any of the ways they’d expect in a theft like this — not for impersonating victims, not for accessing other websites, nothing. Most experts familiar with the case now believe that the thieves were working for a foreign government, and are using the information not for financial gain, but to try and identify and recruit spies.