CREDIT REFERENCE AGENCY Equifax has admitted that 38,000 American driving licences and 3,200 passports were also compromised in last year's breach that exposed the details of 146.6 million of its customers.
The company has written to several US congressional committees to provide more information about the people and data caught up in the monstrous attack.
It explained that data from thousands of driving licences and passports had also been compromised in the attack, which took place last September. That's in addition to the personal details of more than 146 million people that the company has already fessed up to.
After conducting a further analysis into the breach, the company discovered that more document types had been targeted by hackers.
Equifax said an additional 12,000 social security and 3,000 other government identification documents - including military IDS and resident alien cards - were also affected.
The firm also reiterated the overall impact of the breach, which saw hackers pilfer 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million addresses and 209,000 card numbers
"The company had not previously analysed the government-issued identifications contained in the images uploaded in the dispute portal," wrote the company in the letter.
"In response to governmental requests for additional information, the company recently analysed the dispute documents stolen in the cybersecurity incident and determined the approximate number of valid US government-issued identifications that had been uploaded to the dispute portal."
However, Equifax said it had not identified additional customers impacted by the hack.
"The government identification documents described above do not identify additional consumers affected," it explained.
"Since all of these consumers were previously notified of the specific files that he or she had uploaded to the dispute portal, no further notifications of consumers are required."
"In order to respond to governmental requests for additional information, the company provided additional information regarding the approximate number of consumers impacted for each of the data elements that was stolen in the cybersecurity incident," added the firm.
"With assistance from Mandiant, a cybersecurity firm, forensic investigators were able to standardise certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." µ
EC says merged entity will 'continue to face significant competition'
Alexa, give me a reason to be cheerful about the UK economy
No, it isn't 1 April
Uniloc claims feature infringes a previously HP-owned patent