Equifax releases additional information on massive 2017 data breach
In a written statement to the SEC Monday, Equifax provided the most comprehensive accounting of the magnitude of the 2017 data breach to date.
Equifax had already reported that the names, Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver’s license numbers “in some instances,” as well as the credit card numbers of 209,000 individuals. The company’s management had also reported “certain dispute documents” submitted by about 182,000 consumers contesting credit reports had been exposed as well.
Poor data standardization made it difficult for Equifax to adequately determine the total scale of the breach until now. With the help of cybersecurity firm Mandiant, Equifax sent the following information to the SEC on May 7th.
Of the 146.6 million individuals affected by the breach:
· 145.5 million had Social Security numbers exposed.
· 99 million had address information exposed.
· 27.3 million had gender information exposed.
· 20.3 million had phone numbers exposed.
· 17.6 million had driver’s license numbers exposed.
· 1.8 million had email addresses exposed.
· 209,000 had credit card numbers exposed.
· 97,500 had Tax Identification numbers exposed.
· 27,000 had the state of their driver’s license exposed.
In addition, Equifax provided more detail about the “dispute documents” that were stolen in the breach. These were personal identity documents uploaded as images to Equifax:
· 38,000 driver’s licenses
· 12,000 Social Security and Taxpayer ID cards
· 3,200 passports and passport cards
· 3,000 other documents, including military and state IDs and resident alien cards.
Equifax says in the statement “Equifax believes it has satisfied applicable requirements to notify consumers and regulators. It does not anticipate identifying further impacted consumers, as it has now completed analysis of government issued identification numbers stolen together with names.”