A Year Later, Equifax Finally Reveals Full extent of Breach

A year has passed since the worst data breach of 2017, and Equifax has finally revealed the full extent of the personal data and information stolen by hackers who accessed its databases in May 2017. 

In a "statement for the record" submitted to the SEC on Monday, Equifax executives revealed that while the number of individuals affected in the breach has not increased, hackers accessed more information than previously reported.  

In addition to the roughly 150 million dates of birth and social security numbers, 99 million addresses, and 200,000 payment cards breached, hackers also accessed some 38,000 American drivers licenses, as well as details on 3,200 passports.

The table below outlines the full extent of the breach, as it stands today. 

These new details were apparently unearthed by cybersecurity firm Mandiant's audit of Equifax security, which helped the credit giant “standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen.”

Because the newly discovered breached data didn't involve any new individuals, Equifax says no additional consumer notifications are required. And, technically, they're right—though it's not a good look. When news of Equifax's breach first broke, there was widespread speculation that Congress would pass new legislation to stiffen the penalties for data breaches, and for failure to notify consumers. So far, though, nothing has materialized. But with GDPR right around the corner, it seems that the US is bound to follow suit. 

For now, the best practice to keep your identity from being stolen is still putting security freezes on your credit files. This will keep potential creditors from viewing your files unless you lift the freeze, which makes it harder for thieves to apply for credit in your name.