The names, addresses, social security numbers and, in some cases, credit card details of approximately 143 million Americans were accessed during the attack - nearly half of the US population. Reports would later reveal that the attackers managed to gain access to Equifax's systems by exploiting a vulnerability that had in fact been identified in March, one that Equifax could have easily secured.
The true extent of the damage has yet to be fully determined at the time of this writing, and according to John Ulzheimer, credit monitoring expert and former Equifax employee, “there may never be way to find out. At this point, it's unclear whether Equifax will face any significant consequences for its utter failure to protect the digital identities of half the American population. (To add insult to injury, it appears Equifax not only waited six weeks to report the breach, but further delayed informing the cell phone number list public until it had successfully acquired a company. identity protection so that she can later profit from the breach.)
If this situation had played out in Europe, things would probably be very different. Europeans (and the European Union in particular) care a lot about online privacy and data protection. From 'controversial' laws that protect Europeans' 'right to be forgotten' to wider cultural attitudes about consumer protection, it's much easier - and safer - to be a consumer in Europe than in the states -United. For American companies marketing to European consumers, however, life could soon become much more difficult thanks to the European Union's General Data Protection Regulation, or GDPR ( PDF of full text ).
What is the General Data Protection Regulation?
The GDPR is a set of new legislative rules introduced by the European Union to make it easier for residents of EU countries to protect their personal data online. The regulation was officially approved on April 27, 2016 and will officially enter into force across the EU by May 25, 2018. Unlike EU directives, which require additional action by member country governments to be enacted, the GDPR is (as the name suggests) a regulation, which means that the rules will immediately become legally binding on May 25, 2018, with no further action or measures required by EU member states.