Apparently, the Equifax data breach is much worse than previously thought. Last week, Equifax announced that ongoing analysis has uncovered an additional 2.4 million Americans impacted by the 2017 data breach.
Back in September 2017, Equifax announced that a massive data breach compromised over 145 million consumers’ personally identifiable information such as names, dates of birth, addresses, and Social Security numbers, but that only some driver’s licenses were stolen. Equifax blamed the data breach on failure to install a security fix to a web application flaw, allowing a two-month window for hackers to access to consumers’ personal data.
However, new developments have surfaced that hackers have gotten a hold of consumers’ tax ID numbers and drivers’ license issue dates and states, making the total number of consumers affected by the Equifax data breach closer to 147.9 million. According to Equifax, the reason why this information wasn’t discovered until now was because these 2.4 million consumers did not have their Social Security numbers stolen along with their driver’s license numbers, so they were not included in the initial forensic investigation.
“The methodology used in the company’s forensic examination of last year’s cybersecurity incident leveraged Social Security numbers (SSNs) and names as the key data elements to identify who was affected by the cyberattack,” the company announced. “This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs. Today’s newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information.”
“This is not about newly discovered stolen data,” says Equifax Interim CEO Paulino do Rego Barros Jr., “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, making connections that enabled us to identify additional individuals.”
Equifax says it plans to notify these additional 2.4 million consumers who have been impacted by the data breach by mail and will offer them free credit monitoring and identity theft protection services.
To date, over 23 class action lawsuits have been filed and consolidated into multidistrict litigation over the massive Equifax data breach. In late February, U.S. District Judge Thomas Thrash, who is overseeing the federal Equifax data breach litigation, appointed 26 attorneys to serve as lead counsel. Additionally, the company is facing a $550 million class action lawsuit in Canada over its alleged negligence in protecting consumers’ personal information.
Additionally, Equifax is under federal investigation. The Federal Trade Commission and The Consumer Financial Protection Bureau have launched investigations into the Equifax data breach and its handling (or lack thereof) of the cyberattack.
So, what does this mean for you exactly? Well, if you have a credit report, there is a solid chance that you could be one of the nearly 148 million consumers whose personal information may be in the hands of cyber thieves, leaving you highly vulnerable to identity theft. To find out if you have been affected by the Equifax data breach, you can visit Equifaxsecurity2017.com to see if your data has been exposed.