After exposing personal and sensitive information of over 143 million Americans, Equifax now says that the massive breach potentially impacts an additional 2.5 million people, bringing the total number of affected people up to 145.5 million individuals.
Equifax breach bigger than initially reported
Madiant, a cybersecurity firm retained by the credit reporting giant, was investigating the breach and has now concluded its forensic investigation, sharing the new figures.
"I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released," newly appointed interim CEO, Paulino do Rego Barros Jr said. "Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis."
The new numbers also reveal that 8,000 Canadian consumers were impacted, significantly fewer than Equifax's original numbers.
"With respect to potentially impacted Canadian citizens, the company previously had stated that there may have been up to 100,000 Canadian citizens impacted, but that number was preliminary and did not materialize. The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted."
Apart from those in the United States and Canada, Equifax had initially said that 400,000 UK consumers may have been hit by this breach. In its latest conclusive report, Equifax said that the forensic investigation has been completed and the results are being analyzed in the United Kingdom. "Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company's consumer notifications as the analysis of the completed forensic investigation is completed," the report said without sharing any new numbers.
In the US and the Canada, the company will mail written notices to all of the potentially impacted consumers, including the 2.5 million additional US accounts.
To respond to possible concerns over additional databases being accessed by the hackers after revealing these new numbers, Equifax wrote that "Mandiant did not identify any evidence of additional or new attacker activity or any access to new databases or tables."
"Instead, this additional population of consumers was confirmed during Mandiant's completion of the remaining investigative tasks and quality assurance procedures built into the investigative process."
"I want to apologize again to all impacted consumers," Barros, the newly appointed interim CEO who took the job after chairman and chief executive Richard Smith stepped down said. "As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices."
- Earlier on Equifax security blunders:
- Equifax Continues Its Security Blunders – Now Wants Criminals to Have Your Data
- Simple Apache Struts Security Flaw That Equifax Failed to Patch Responsible for Hack
- Equifax Loses Personal Data of Over 143 Million Americans but Doesn’t Want to Be Sued
