Equifax revealed on Thursday that last year’s cyber breach affected data on more consumers than it had originally stated.
After continuing analysis, Equifax identified an additional
2.4 million individuals whose names and driver’s license information were stolen by hackers.
In most cases, the stolen data did not include home addresses or driver’s license
states, or dates of issuance.
Equifax says it will notify the affected consumers and offer identity theft protection and credit file monitoring services at no cost.
These consumers
apparently were not included in previous totals — nor were they notified — because their Social Security Numbers were not stolen, the company adds. The methodology used in prior
forensic examination focused on SSNs and names as the key identifiers, and attackers were mostly focused on SSNs, according to Equifax.
For this analysis, the company referenced
information in internal records that the attackers did not access, and with the help of an external data provider.
"This is not about newly discovered stolen data," states Paulino do Rego
Barros, Jr., interim chief executive officer of the credit reporting company. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was
not taken by the attackers, and making connections that enabled us to identify additional individuals."
Last month, Senator Elizabeth Warren (D-Mass.) sent a letter to Barros citing
“what appears to be misleading, incomplete, or contradictory information” provided to Congress and the public about the breach of data on 145 million Americans.
Equifax stated last
year that hackers primarily accessed “names, Social Security numbers, birth dates, and, in some instances, driver’s license numbers…credit numbers…and certain dispute
documents with personal identifying information,” Warren said.