Equifax, one of the big three consumer credit reporting agencies, reported a data breach back in September 2017. At the time, they reported the compromise of both Social Security and driver's license numbers, critical dates, and other personal information.
Their official statement said the cyber security failure potentially impacted 143 million Americans. Now it appears they underestimated, by about 2 1/2 million people.
The company, based in Atlanta, Georgia, drew scorn for their handling of the breach due to a literal comedy of errors in the aftermath, including Equifax directing consumers to a fake website in numerous company Twitter posts.
The breach didn't stop the Internal Revenue Service (IRS) from awarding Equifax a lucrative no-bid contract just days after they reported the data hack, but they suspended the contract in October under public pressure. The Government Accountability Office (GAO) eventually ruled the $7.25 million contract null and void.
The 2017 hack of Equifax, one of the largest in recent years, marked the third major cyber security breach for the credit reporting and tracking agency since 2015. Information such as Social Security and driver's license numbers was compromised.
The additional data breach pulled less personal information from the newly disclosed estimated 2.4 million consumers. Equifax stated the hackers stole only their names and a partial driver's license number. The state of issuance for the licenses and the issue and expiration dates remained uncompromised.
In total, Equifax's data breach impacted approximately 147.9 million Americans. It now ranks as the largest known breach of personal information in United States history.
The company says they found the additional 2.4 million Americans while cross referencing names with partial driver's license numbers through internal and external data sources. Equifax initially focused only on Social Security numbers.
Stolen Social Security numbers pay more on the black market due to their extensive use in U.S. identity verification.
Equifax says it will reach out to all newly impacted consumers and will provide the same credit monitoring and identity theft protection services offered to the original victims.
So far the company remains silent on Twitter about this latest information. Others are not so silent.
Equifax says 2.4 million additional Americans were impacted by last year's breach, bringing the total to 147.9 mill… https://t.co/Ritt57ePgq— The Associated Press (@The Associated Press)1519914667.0
Good time to remind everyone that once Mulvaney seized control of the CFPB, he ended that agency’s investigation of… https://t.co/oUQDek8b12— Amy Siskind 🏳️🌈 (@Amy Siskind 🏳️🌈)1519913668.0
I spent 5 months investigating the #EquifaxBreach, and found the company failed to disclose the full extent of the… https://t.co/Wbhrz87Wkp— Elizabeth Warren (@Elizabeth Warren)1519918315.0
.@Equifax can’t be trusted. Their mistakes allowed the breach to happen, their response has been a failure, and the… https://t.co/jxpNprjEC0— Elizabeth Warren (@Elizabeth Warren)1519918315.0
I have a bill with @MarkWarner that would impose massive, mandatory penalties when companies like @Equifax expose m… https://t.co/BBkPv9BVLA— Elizabeth Warren (@Elizabeth Warren)1519918316.0
Equifax finds another 2.4M Americans hit by 2017 breach https://t.co/MaIqR6EmSX— Seana Smith (@Seana Smith)1519915238.0
@AGSchneiderman The breach happened because EQUIFAX did not fix "known vulnerabilities" in its open source code. Th… https://t.co/QtJJ3sOcZp— T. Cushing Munjoy (@T. Cushing Munjoy)1519917807.0
Don't forget. Equifax executives waited weeks to tell the public about the breach while they sold off their stock.… https://t.co/aNcQ8dHT79— Fight for the Future (@Fight for the Future)1519917716.0