Equifax released updated information on its massive 2017 data breach in a news post this week. The company said it has identified another 2.4 million U.S. consumers whose data it now believes to have been stolen.
The information taken is less detailed than the records obtained from people in the main affected population. According to Equifax, the “vast majority” of individuals in the new group had only their names and partial driver’s license details accessed during the attack. However, in some cases home addresses and more detailed driver’s license validation and expiration dates may have been included.
Equifax made the discovery during its ongoing forensic investigation into the breach. It has been relying on names and social security numbers (SSNs) to piece together the identities of people who may have been impacted. Equifax has determined that the attackers were predominantly seeking SSNs, so it has focused its attention on users who had their SSNs stolen.
READ NEXT: Google launches free online course to improve AI education
None of the 2.4 million newly identified victims had their SSNs stolen together with their driver’s license details, so Equifax did not previously inform them. The company stressed that the data has not been stolen since the original breach. It’s only now working through the data that it knows to have been taken, using database analysis to find links to other people who may be impacted.
“This is not about newly discovered stolen data. It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals,” said Paulino do Rego Barros, Jr, Equifax Interim CEO. “We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack.”
Equifax said it’s now taking steps to contact the people newly confirmed to have been affected. It will be providing free identify theft and credit file monitoring services to help the individuals protect themselves against the potential risks.
The company is continuing to direct consumers to its controversial “equifaxsecurity2017.com” advice site, a domain that has been repeatedly criticised by security experts for appearing too similar to malicious phishing sites.
