Equifax software bug messed up credit score calculations for weeks
About one in ten computations for loans, credit cards, etc said to be wrong
US credit agency Equifax says errant computer code led the company to provide inaccurate credit information about US folks to financial institutions for a period of about three weeks earlier this year.
"Equifax identified a coding issue within a legacy, on-premise server environment in the US slated to be migrated to the new Equifax Cloud infrastructure," the biz said on Tuesday in a statement.
The company said the glitch occurred between March 17 and April 6, 2022, when the issue was fixed, and "resulted in the potential miscalculation of certain attributes used in model calculations."
Equifax said, "credit reports were not changed as a result of this issue," though the Wall Street Journal noted the credit scores provided to financial firms in conjunction with consumer applications for auto loans, mortgages, and credit cards were off by 20 points or more, enough to alter lender credit decisions.
In its statement, Equifax said its analysis of the consequences of the coding issue indicates "the vast majority" of credit scores were unaffected. For those who were affected, the company said, "initial analysis indicates that only a small number of them may have received a different credit decision."
According to the corporation, fewer than 300,000 consumers saw a credit score shift of 25 points or more. The Wall Street Journal says lenders have asked Equifax for more details and may consider repricing loans or giving denied loan applicants the opportunity to reapply.
The Register asked Equifax whether it would be more specific about the nature of the "code issue" that altered people's credit scores. We've not heard back. We also asked the US Consumer Financial Protection Bureau to comment and the agency declined.
National Mortgage Professional first reported the snafu in late May. The banking trade publication said the error affected mortgage clients receiving consumer credit scores via Equifax's legacy online model platform, known as OMS.
An unnamed source told the publication that in certain transactions, attribute values such as "number of inquiries within one month" or "age of oldest tradeline" were sometimes incorrect. These errors are said to have affected about 12 percent of credit score calculations.
In 2017, Equifax was compromised in a cyberattack that the company attributes to the Chinese military. The intrusion was made possible by an employee running an unpatched and thus insecure version of Apache Struts. Personal information for about 146.6 million people in the US, Canada, and the UK is said to have been taken as a result of the incident.
The massive hack led Equifax to invest $1.5 billion "to build a top-tier, cloud-native technology and security infrastructure," as the company puts it.
Yet the remedial infrastructure and security investment evidently failed to prevent the "coding issue."
Equifax suggests that by accelerating its migration of the affected on-premises environment to the cloud, the availability of additional controls and monitoring will help catch and prevent similar problems in the future.
We can only hope. ®