Yesterday, Equifax revealed that an addition 2.4 million consumers than previously reported were also affected by the huge data breach the company experienced last year. This means that nearly 148 million consumers have been in some way affected by the breach, which is around half the U.S.’s population or the entire population of Russia.
The 2.4 million who have had their information compromised involves partial driver’s license data, but not social security numbers, unlike the earlier consumers. This is the reason this group was not identified previously, according to the credit reporting agency.
“This is not about newly discovered stolen data,” said Paulino do Rego Barros Jr., Equifax’s interim chief executive. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”
Equifax has changed its estimate of the numbers of people affected several times since its initial disclosure of the breach, saying then it affected 143 million consumers. In October, they raised their estimate by 2.5 million to 145.5 million.
Last month, Senator Elizabeth Warren (D-Mass.) said the company had failed to adequately update its computer systems and accused it of not being transparent enough about the description of the damage caused by the breach. She also said the credit reporting company might actually turn a profit with this latest news.
“Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, ‘Hey, I’m never doing business with Equifax again’ –well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part,” Warren said in an interview with Marketplace. “So Equifax is still making money off their own breach.”
The company was called to Capitol Hill last year to answer for its mistakes and former chief executive Richard Smith (who had by then resigned) accepted responsibility for the breach. The chairman of the House Energy and Commerce Committee, Rep. Greg Walden (R-Ore.), said the credit agency was not providing sufficient responses in relation to the committee’s ongoing probe into what happened, despite “repeated” requests for documents from Equifax by the committee.
“We now are requesting a briefing with Mandiant, the third-party company responsible for investigating the breach,” said Walden and Rep. Robert E. Latta (R-Ohio), who leads a subcommittee on digital commerce and consumer protection. “The American people deserve to know what went wrong, and our investigation will continue in full force until there are answers.”
Equifax said it was extending free credit monitoring to those in the new batch of affected customers, and that it was reaching out to them directly to notify them.