Together, that's more than enough for criminals to steal people's identities, potentially wreaking havoc, stealing vast amounts of money and ruining people's lives.
"On a scale of one to 10, this is a 10 in terms of potential identity theft," said Gartner security analyst Avivah Litan.
That accounts for a large proportion of the country – meaning that if you think you might possible have been hit, you probably have.
Because of the nature of the business, people might not necessarily know that they are a customer or that they could potentially have had their personal details stolen.
There recently has been a significant move to ransomware as the malware of choice for online thieves, noted Andy Feit, head of threat prevention product marketing at Check Point.
"What we've seen in the last three of four months is this major move by the hacker community to install ransomware on machines," he told Tech News World. When something catches on, the hackers' social networks get fired up, and everybody starts to move to it." Banking malware requires massive adaptation from bank to bank, according to Check Point security researcher Gad Naveh. That contrasts with ransomware, which cybercriminals can adapt easily without any special developer input.
More importantly, with ransomware it's easier for thieves to get their hands on a mark's money than with a banking trojan.
"Credit bureaus keep so much data about us that affects almost everything we do." Lenders rely on the information collected by the credit bureaus to help them decide whether to approve financing for homes, cars and credit cards.
Credit checks are even sometimes done by employers when deciding whom to hire for a job.
"The ability to trace movements of funds, or physical pick up, creates a real risk for the attacker." By comparison, victims make ransomware payoffs in bitcoin.
External third parties can not interrupt transfers of the digital money.Equifax's security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person's identity in the U. It eclipses a 2015 hack at health insurer Anthem Inc.