US credit agency Equifax says faulty computer code led the company to provide inaccurate credit information about US citizens to financial institutions for a period of around three weeks earlier this year.
“Equifax has identified a coding issue in a legacy US on-premises server environment that needs to be migrated to the new Equifax Cloud infrastructure,” the company said Tuesday in A declaration.
The company said the issue occurred between March 17 and April 6, 2022, when the issue was resolved, and “resulted in a potential miscalculation of certain attributes used in model calculations.”
Equifax said, “Credit reports have not been changed as a result of this issue,” although The Wall Street Journal reports that credit scores provided to financial firms in conjunction with consumer inquiries for car loans, mortgages and credit cards were off by 20 points or more, enough to alter lenders’ credit decisions.
In its statement, Equifax said its analysis of the consequences of the coding issue indicates that “the vast majority” of credit scores were unaffected. For those affected, the company said “initial analysis indicates that only a small number may have received a different credit decision.”
According to the company, less than 300,000 consumers saw their credit score change by 25 points or more. The Wall Street Journal says lenders have asked Equifax for more details and may consider changing the price of loans or giving refused loan applicants the chance to reapply.
The register asked Equifax if it would be more specific about the nature of the “code problem” that changed people’s credit scores. We haven’t had a response. We also asked the US Consumer Financial Protection Bureau for comment, and the agency declined.
National First Mortgage Advisor reported the snafu at the end of May. The banking trade publication said the error affected mortgage customers receiving consumer credit scores through Equifax’s former online models platform, known as OMS.
An anonymous source told the publication that in some transactions, attribute values such as “number of requests in a month” or “age of oldest business line” were sometimes incorrect. These errors are said to have affected about 12% of credit score calculations.
In 2017, Equifax was compromised in a cyberattack the company attributes to the Chinese army. The intrusion was made possible by an employee running an unpatched and therefore insecure version of Apache Struts. The personal details of around 146.6 million people in the US, Canada and the UK are believed to have been taken as a result of the incident.
The massive hack led Equifax to invest $1.5 billion “to build industry-leading cloud-native technology and security infrastructure,” as the company puts it.
Yet corrective infrastructure and investment in security clearly failed to prevent the “coding problem”.
Equifax suggests that as it accelerates its migration from the affected on-premises environment to the cloud, the availability of additional controls and monitoring will help detect and prevent similar issues in the future.
We can only hope. ®