THE MEGA-HACK on credit reporting outfit Equifax may have exposed more data than first believed, or, at least, more than the firm admitted at the time.
Last year, hackers were able to compromise the credit agency's systems and gain access to the personal information of up to 145 million Americans, as well as around 15 million Brits.
They were able to steal social security numbers, driving licence numbers, addresses and dates of birth - everything required to perpetrate identity theft. But now, the Wall Street Journal reports, it is feared that the hackers plundered even more data than the company publicly admitted.
New congressional documents show that the crooks also made off with tax identification numbers, issuance dates, email addresses and driver licence states.
Using this data, it is now easier than before for criminals to use victim's identities to apply for credit cards and to commit other types of identity fraud, using information that the victims never even consented to share with the company.
Equifax must clarify its confusing and incomplete story of the #EquifaxBreach. We've got to keep the heat on @Equifax & we need better laws to hold credit reporting agencies accountable: https://t.co/0mZ1ZHqiHG— Elizabeth Warren (@SenWarren) February 10, 2018
On Friday, Democratic senator Elizabeth Warren wrote to Equifax slamming the company for providing "incomplete, confusing and contradictory statements" in the aftermath of the hack.
In a letter published on Friday, Warren briefed acting CEO Paulino do Rego on her investigation. She accused the company of failing to disclose the complete picture of the attack.
The US Senator has also lashed out at the company in a series of tweets. In one, she said: "In October, when I asked the CEO about the precise extent of the breach, he couldn't give me a straight answer. So for five months, I investigated it myself."
Another read: "My investigation revealed the depth of the breach and cover-up at Equifax. And since I published the report, Equifax has confirmed it is even worse than they told us."
Responding to the reports, a spokesperson for the firm branded the claims as "extremely misleading". But they admitted that more data had been leaked than the company had initially let on.
It is not the first time that Equifax has been accused of failing to tell the whole truth about the data breach. It initially claimed that only around 400,000 British people's details were compromised and that very little personal information had been lost. It later had to up that number to more than 15 million. µ
Social network suffers yet another privacy Zuck-up
It's the gateway device into a world of AI development
'Glass Enterprise Edition 2' is coming, for some reason
Monetisation lures Google to cherry-pick from its sibling