The massive data breach suffered by Equifax in 2017 involved an additional 2.4 million Americans, putting to 147.9 million the total number of consumers affected by the said cybercrime, according to Brian Fung, reporting for the Washington Post.
The reason stated by Equifax why it was only now that they made the disclosure about this group of consumers was that it was their partial driver’s license numbers that were stolen and not their social security numbers, which was the focus of the credit reporting firm’s original investigation. Equifax CEO Paulino de Rego Barros Jr. said it does not mean that there were more consumer data stolen but the discovery was made after they analyzed additional databases that were not touched by the hackers and were able to make the connection that identified the latest group of hacking victims.
This is the second time that Equifax has changed the number of consumers affected by the said data breach. In October 2017 it raised its estimate by 2.5 million to 145.5 million. The irregularities on how it conducted the probe over the said breach led it to its investigation by US Congress, which caused the resignation of Richard Smith, its former CEO.
The company was also the subject of an investigation by Sen. Elizabeth Warren, who accused Equifax of not keeping its computer systems updated and for its failure to report the said incident on time. Warren said that she had investigated Equifax for five months and found that it failed to report the full scope of the hack. Warren said even passport numbers were stolen. However, Equifax denied Warren’s allegations, saying it found no evidence that passport numbers were stolen during its own investigation over the said affair.
On the other hand, Mandiant, the third-party company that investigated the breach is being subpoenaed by Rep. Robert E. Latta to shed light on the matter. Latta said the American public deserves to know what actually happened, and that the congressional probe will continue until they have found the answers.