Equifax, one of the big three consumer credit reporting agencies, reported a data breach back in September 2017. At the time, they reported the compromise of both Social Security and driver's license numbers, critical dates, and other personal information.
Their official statement said the cyber security failure potentially impacted 143 million Americans. Now it appears they underestimated, by about 2 1/2 million people.
The company, based in Atlanta, Georgia, drew scorn for their handling of the breach due to a literal comedy of errors in the aftermath, including Equifax directing consumers to a fake website in numerous company Twitter posts.
The breach didn't stop the Internal Revenue Service (IRS) from awarding Equifax a lucrative no-bid contract just days after they reported the data hack, but they suspended the contract in October under public pressure. The Government Accountability Office (GAO) eventually ruled the $7.25 million contract null and void.
The 2017 hack of Equifax, one of the largest in recent years, marked the third major cyber security breach for the credit reporting and tracking agency since 2015. Information such as Social Security and driver's license numbers was compromised.
The additional data breach pulled less personal information from the newly disclosed estimated 2.4 million consumers. Equifax stated the hackers stole only their names and a partial driver's license number. The state of issuance for the licenses and the issue and expiration dates remained uncompromised.
In total, Equifax's data breach impacted approximately 147.9 million Americans. It now ranks as the largest known breach of personal information in United States history.
The company says they found the additional 2.4 million Americans while cross referencing names with partial driver's license numbers through internal and external data sources. Equifax initially focused only on Social Security numbers.
Stolen Social Security numbers pay more on the black market due to their extensive use in U.S. identity verification.
Equifax says it will reach out to all newly impacted consumers and will provide the same credit monitoring and identity theft protection services offered to the original victims.
So far the company remains silent on Twitter about this latest information. Others are not so silent.
