2.4 million more US consumers were affected by the huge Equifax leak last year than previously known, the company has admitted today. The revelation comes after several months of forensic data investigation as Equifax attempted to identity exactly who had been impacted and what of their personal data had been stolen. It’s on top of more than 145m people impacted by the data breach that Equifax admitted last year.
Unsurprisingly, Equifax is keen to make sure people realize this isn’t a new leak. Instead, it’s 2.4m people who were part of the leak last year, but the existence of which it has taken the company until now to spot. That came down to Equifax’s initial methodology.
The hackers’ original intent was deemed to be stealing social security numbers (SSN) of real US citizens and residents. With that in mind, Equifax used SSD and names as “the key data elements” to figure out who had been impacted, the company said today. “Today’s newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information,” Equifax concedes.
This time around, the company – and an external data provider – looked at partial drivers license and the individual’s name instead. That led to the discovery that 2.4m people had been impacted by the security breach than initially believed. However, this new cohort is arguably in better shape than those Equifax let down originally, since “in the vast majority of cases,” the company insists, the leaked data on them “not include consumers’ home addresses, or their respective driver’s license states, dates of issuance, or expiration dates.”
Even with that reassurance, it’s not hard to imagine that most people will be frustrated at the new revelations. Equifax says that it will be contacting each person it has newly identified directly, with the offer of identity theft protection and credit file monitoring services just as it did with victims last year. They’ll also be eligible for the company’s newly-released Lock & Alert system, which launched at the end of January.
That service, in fact free for all US consumers, makes it easier to lock and unlock an Equifax credit report. It’s an extra level of protection that 2017 breach victims were advised to do last year, but which at the time required contacting the company’s customer services directly. However, the company’s online “Am I Impacted?” tool, which allows for a search by SSN to figure out if a person was affected by the breach, will not include these new 2.4m people.