CREDIT REPORTING OUTFIT Equifax admitted that it has discovered yet more US citizens affected by last year's data breach.
Last month, US Senator Elizabeth Warren accused Equifax of failing to disclose the complete picture of the 2017 hack, claiming that the attack may have exposed more data than first believed, or, at least, more than the firm admitted at the time.
Equifax this week admitted that Warren was right, with the firm having uncovered another 2.4 million citizens whacked by the data breach. This is on top of the 145.5 million US individuals already reported to have been affected, along with a reported 15.2 million Brits.
In a statement released on Thursday, the firm said that ongoing analysis of the stolen data confirmed that an additional 2.4 million US citizens had partial driving licence information taken.
"This information was partial because, in the vast majority of cases, it did not include consumers' home addresses, or their respective driver's license states, dates of issuance, or expiration dates," the statement said.
These individuals weren't initially picked up as the firm focused its initial investigations on Social Security Numbers, which weren't stolen from the newly-identified data breach victims, Equifax said.
Paulino do Rego Barros, Jr., Interim Chief Executive Officer, said: "This is not about newly discovered stolen data. It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."
Barros said that Equifax will notify these newly identified US consumers directly, and will offer them free identity theft protection and credit file monitoring services.
"We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack," he added.
"We are committed to regaining the trust of consumers, improving transparency, and enhancing security across our network."
Equifax's latest admission comes amid yet more criticism from Warren, who this week said that the firm could actually make money from 2017's data breach.
During an interview with Market Place, Warren said: "Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, "Hey, I'm never doing business with Equifax again," well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part. So Equifax is still making money off their own breach." µ
What could possibly go wrong...
Committee clams firm failed to implement 'adequate security'
Meme Ban means Meme Ban
It's anonymous data at first but the NYT figured out how to make it personal