Equifax reveals additional 2.4 million users impacted from 2017 breach

It looks like the nightmare for Equifax users is far from over as today the consumer credit reporting giant has announced that according to its ongoing investigation, there are 2.4 million additional Equifax customers impacted by the massive 2017 data breach.

Initially, Equifax claimed that 143 million Americans, which is over 40% of the entire population of the United States, had their personal and sensitive details stolen. At that time, the stolen data included names, date of birth, addresses, social security numbers (SSN), driver license numbers, and credit card data.

However, on 11th February 2018, Sen. Elizabeth Warren, sent a letter to the Interim Chief Executive Officer at Equifax Inc. Paulino Do Rego Barros revealing that after five months of investigation she found that data detailed by Equifax on last years breach also included email addresses, license state, date of issue of those licenses and tax identification numbers (TINs).

This means as of now hackers are holding personal and sensitive details of 145.4 million Americans that can be used for sophisticated scams including identity theft. Additionally, the data stolen from 2.4 million includes their names and driver’s license information.

“This is not about newly discovered stolen data,” said Paulino do Rego Barros, Jr., Interim Chief Executive Officer. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

According to Richard Henderson, Global Security Strategist, Absolute:

“Not surprisingly, the Equifax story will get worse before it gets better. Time and again we experience massive breaches where the hackers get away with troves of personal information and today we find out that an additional 2.4 million U.S. customers had partial information stolen — beyond all those that were already identified.”

“A nightmare come true. With regulations like GDPR (General Data Protection Regulation) about to come into full force and the likelihood of other nations fortifying their own data privacy regulations, time is of the essence when it comes to totally revamping how companies look at how they are storing and using consumer data. This should be ringing alarm bells to every other corporation in the world.”

Remember, Equifax blamed the breach on a flaw in Apache Struts Framework on its website. However, the company is facing a lawsuit for not implementing proper security measures to protect customers’ data.

Moreover, Equifax sits on sensitive data of over 820 million customers and 91 million businesses around the world. Therefore, in coming days Equifax customers should expect more bad news from the company. 


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.