Equifax announced that an addition 2.4 million users have been impacted by a massive data breach in 2017. The stolen data included users’ names and some of their driver’s license information.
Together with the additional identified victims, Equifax data breach becomes the largest breach of personal information in history that have impacted approximately 148 million users.
Paulino do Rego Barros, chief executive at Equifax announced that ”This is not about newly discovered stolen data. It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”
The consumer credit reporting agency claimed that a part of an ongoing analysis, they have found that these newly discovered 2.4 million victims’ names and partial driver’s license numbers were stolen by hackers. Equifax also noted that these newly identified users were not informed about the breach because unlike the previous 145.5 million people, their Social Security numbers were not stolen.
The methodology used in the company’s forensic examination of last year’s cybersecurity incident leveraged Social Security Numbers (SSNs) and names as the key data elements to identify who was affected by the cyber attack. This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs.
The company announced that they will notify these newly identified users and will offer them identity theft protection and credit file monitoring services at no charge.
According to ThreatPost, the company still haven’t responded to the requests for further information about the ongoing analysis.
Ongoing Breach Disclosures
Equifax data breach has been under public scrutiny since September 2017. According to Equifax statements, the breach was initially discovered on July 29. Equifax breach allowed cybercriminals to access private user data including social security numbers, birth dates, and license numbers.
Further, it was disclosed that Equifax was notified in March that the breach was linked to an unpatched Apache Struts vulnerability CVE-2017-5638. Richard Smith, Equifax CEO at the time noted that the breach occurred due to “human errors and technology failures.”
Customers are able to see if their personal information has been accessed by cybercriminals. They can click on an “Am I Impacted” online tool on Equifax website. The consumer credit reporting company also advised its consumers to review their account statements and credit reports, detect any suspicious activities and protect their sensitive data from the breach.
Equifax stores consumer data from more than 820 million individual users and 91 million businesses across the globe.