The credit reporting firm Equifax Inc. suffered a massive data breach in 2017 that exposed the identities of about 146 million US consumers. It is still considered as one of the worst data breaches of 2017.
Recently, the company's forensic investigation revealed that 2.4million more people than it previously believed were affected by the breach exposing victim's personal details like name, birth dates, social security numbers etc. The incident brings the total number of people affected by the breach to about 148million.
The company continued its analysis to find out some more information about the data breach and the impact of the incident. The recent disclosure is the result of it. Previously, Equifax was unable to identify the customers because their social security number was not stolen. It was discovered that hackers were mainly targeting to swipe social security numbers.
The drivers' license information that was compromised did not include home addresses or states, date of issuance or expiration dates, as told by the company. Last year, the disclosure of the incident resulted in Congressional hearings and the departure of then CEO Richard Smith. "This is not about newly discovered stolen data," said Paulino do Rego Barros, who took over as interim Chief Executive last year. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."
The stock also has taken a slumping 21% since the disclosure. A company that tracks consumer financial data to help establish credit ratings is now facing state and federal investigations as well as class-action lawsuits over the breach. The company hired Jamil Farshchi from Home Depot Inc. last month as Chief Information Security Officer in an effort to boost its oversight.
Equifax said, there is no evidence that proves hackers accessed its core consumer, employment, or income or commercial credit-reporting databases and promised to notify the newly identified consumers and offer identity theft protection and credit file monitoring services.
"We continue to take broad measures to identify, inform and protect consumers who may have been affected by this cyber-attack," assured Barros in a statement.