Equifax Hack Much Worse Than Originally Reported
Equifax has admitted to the US Senate Banking Committee that the 2017 cyberattack may have compromised far more customer information than previously disclosed.
According to the Wall Street Journal (WSJ) tax identification numbers, expiration dates for credit cards, issuing states for driver’s licenses, email addresses and phone numbers have also been compromised by the 2017 Equifax hack, which was labelled one of the largest and most significant data security lapses in history.
This development was discovered by an ongoing forensic investigation to discover the extent of the data accessed by hackers. Equifax, which has been accused of obfuscation and concealing the truth in regards to depth and extent of the hack, claims that there is nothing shady about this admission since its original estimate was not intended as a definitive number.
US Senator Elizabeth Warren issued a response to this revelation in a letter to Equifax: “As your company continues to issue incomplete, confusing, and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?”
Extent of the Damage Remains Unclear
Initially the company, which was forced to admit they hid the hack for five months, said that only social security numbers, birth dates and addresses had been compromised. This additional hacked data makes the breach significantly worse than previously thought and its full extent remains unclear.
The WSJ, which first reported this new information, states that it remains unclear how many of the 145.5 million affected by the 2017 breach had additional information about them exposed. A spokeswoman for Equifax said the latest disclosure from the US should not imply that additional information about the 14 million UK citizens affected by the hack had also been stolen.
This latest revelation only adds to the numerous mistakes made by the company as it has tried to recover from the security debacle. The UK’s Financial Conduct Authority is still investigating Equifax over the cyberattack but said that it had nothing to add to letter outlining the probe.