Equifax Breach Worse Than Previously Disclosed
In documents provided to the Senate Banking Committee, Equifax revealed their 2017 breach may have exposed even more information than previously disclosed.
In September, credit reporting agency Equifax announced that the personal information of 145.5 million consumers had been stolen. Information included names, Social Security numbers, birth dates and addresses. At that time, they also announced that credit card and driver’s license numbers may also have been taken.
Last week, the company said a forensic investigation determined that tax identification numbers, email addresses and phone numbers may also have been stolen, as well as credit card expiration dates and the issuing state of drivers’ licenses.
In a letter addressed to Equifax interim chief executive Paulino do Rego Barros Jr., Senator Elizabeth Warren demands a number of items, including a “full and complete list” of all data elements accessed in the breach, the potential numbers of individuals affected, a description of the timeline and steps Equifax took to investigate the breach, and the process by which the company notified consumers.
A spokeswoman for Equifax told the Wall Street Journal that “an insignificant number” of email addresses were stolen and that email addresses are not considered sensitive information. Additionally, she said the company “complied with applicable notification requirements in the disclosure process,” and that consumers were notified by mail if their credit card numbers were stolen.
Consumers can go to Equifax’s website and use their social security number or tax identification number to see if they have been affected by the data breach. If you have been affected, suggested steps for protecting yourself will be displayed. Steps include getting a free copy of your credit report so you can make sure no accounts have been opened in your name, and freezing or locking your credit report.