<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

A Year Later, Equifax Finally Reveals Full extent of Breach

Jeff Edwards| May 09 2018

| security


A year has passed since the worst data breach of 2017, and Equifax has finally revealed the full extent of the personal data and information stolen by hackers who accessed its databases in May 2017. 

In a "statement for the record" submitted to the SEC on Monday, Equifax executives revealed that while the number of individuals affected in the breach has not increased, hackers accessed more information than previously reported.  

In addition to the roughly 150 million dates of birth and social security numbers, 99 million addresses, and 200,000 payment cards breached, hackers also accessed some 38,000 American drivers licenses, as well as details on 3,200 passports.

The table below outlines the full extent of the breach, as it stands today. 

Data Element Stolen Approximate Number of Impacted U.S. Customers
 Name  146.6 million
 Date of Birth 146.6 million
 Social Security Number  145.5 million
 Address Information  99 million
Gender 27.3 million
Phone Number 20.3 million
Driver's License Number 17.6 million
Email Address 1.8 million
Payment Card Number and Expiration Date 1.8 million
TaxID 97,500
Driver's License State 27,000

These new details were apparently unearthed by cybersecurity firm Mandiant's audit of Equifax security, which helped the credit giant “standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen.”

Because the newly discovered breached data didn't involve any new individuals, Equifax says no additional consumer notifications are required. And, technically, they're right—though it's not a good look. When news of Equifax's breach first broke, there was widespread speculation that Congress would pass new legislation to stiffen the penalties for data breaches, and for failure to notify consumers. So far, though, nothing has materialized. But with GDPR right around the corner, it seems that the US is bound to follow suit. 

For now, the best practice to keep your identity from being stolen is still putting security freezes on your credit files. This will keep potential creditors from viewing your files unless you lift the freeze, which makes it harder for thieves to apply for credit in your name.

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *


Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.