Equifax’s public profile hasn’t been the best in recent months, and today’s announcement won’t help. The credit reporting agency said on Thursday that they identified 2.4 million more people affected by last year’s huge data breach.
“We were able to identify these consumers by referencing other information in proprietary company records that the attackers did not steal, and by engaging the resources of an external data provider,” the company said in a statement.
Equifax said that attackers stole partial driver’s license information from 2.4 million U.S. consumers. By “partial,” they meant that in the majority of cases, information did not include addresses, an individual’s driver’s license state, date of issuance, or the expiration date. The agency said it will use U.S. Postal mail to contact those newly identified consumers, and will offer them free theft protection and credit file monitoring services.
The agency took pains to point out that this isn’t the result of a new attack. It’s just emerging information about the 2017 breach.
Could’ve been worse. The Federal Trade Commission said last September that 143 million consumers were affected by a data beach at Equifax. Citing the agency, the FTC said the breach lasted from mid-May through July. Hackers got people’s names, social security numbers, birth dates, addresses, as well as some credit card numbers, dispute documents, and driver’s license numbers.
In the wake of last year’s breach, the Department of Justice started a probe into why three Equifax executives sold company stock after the company learned it was targeted in the breach. Before the investigation was announced, a company spokesperson said the executives didn’t know about the attack when they sold the stocks. The optics were also pretty bad when the Internal Revenue Service awarded the agency a government contract covering sensitive taxpayer information.
[Screengrab via Good Morning Tampa Bay]