Last month, reports surfaced that more information than previously thought may have been exposed in Equifax's massive data breach, and now, the company has confirmed it. On March 1, 2018 Equifax said that 2.4 million more people than it previously believed were affected by its data breach last year - the second time it has revised up estimates of the number of Americans whose information was stolen.

equifax.jpg

In October of last year, Equifax revealed that forensics investigators had concluded that 2.5 million more US consumers were affected by the data breach it revealed in September, bringing the total number at that time to 145.5 million. This new revelation raises the number of victims in the US to 147.9 million people.

The company says they were able to find the additional 2.4 million Americans by cross referencing names with partial driver's license numbers using both internal and external data sources. The driver’s license information stolen did not include home addresses or states, dates of issuance or expiration dates, the credit reporting agency said.

"This is not about newly discovered stolen data," said Paulino do Rego Barros, Jr., interim CEO of Equifax. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."

These Americans were not found in the original breach because Equifax had focused its investigation on those with Social Security numbers impacted. Individuals with stolen Social Security numbers are generally more at risk for identity theft because of how prolific Social Security numbers are used in identity verification.

The company had not previously identified these customers because their Social Security numbers were not stolen. Equifax identified previous victims of the attack through Social Security numbers and names. Individuals with stolen Social Security numbers are generally more at risk for identity theft because of how important Social Security numbers are in identity verification.

Equifax said it will reach out to the 2.4 million affected people and will provide the same credit monitoring and identity theft protection services it has been offering to the originally disclosed victims.

Equifax said there is no evidence that hackers accessed its core consumer, employment and income or commercial credit-reporting databases.

“We are committed to regaining the trust of consumers, improving transparency and enhancing security across our network,” Barros said.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.