DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Equifax discovers another 2.4 million customers hit by data breach

Posted on March 1, 2018 by Dissent

Reuters reports:

Equifax Inc (EFX.N), a provider of consumer credit scores, on Thursday said it found another 2.4 million U.S. consumers hit by a data breach last year, bringing the total to 147.9 million.

The company said the latest batch of consumers affected had their names and driver’s license information stolen, but noted less information was taken because it did not include home addresses, driver’s license states, dates of issuances, or expiration dates.

Read more on Reuters.

Update: This is the text of Equifax’s press release:

ATLANTA, March 1, 2018 /PRNewswire/ — As a result of ongoing analysis of data stolen in last year’s cybersecurity incident, Equifax Inc. (NYSE: EFX) today announced that the company has confirmed the identities of U.S. consumers whose partial driver’s license information was taken. Equifax was able to identify these consumers by referencing other information in proprietary company records that the attackers did not steal, and by engaging the resources of an external data provider.

Through these additional efforts, Equifax was able to identify approximately 2.4 million U.S. consumers whose names and partial driver’s license information were stolen, but who were not in the previously identified affected population discussed in the company’s prior disclosures about the incident. This information was partial because, in the vast majority of cases, it did not include consumers’ home addresses, or their respective driver’s license states, dates of issuance, or expiration dates.

The methodology used in the company’s forensic examination of last year’s cybersecurity incident leveraged Social Security Numbers (SSNs) and names as the key data elements to identify who was affected by the cyberattack.  This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs. Today’s newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information.

“This is not about newly discovered stolen data,” said Paulino do Rego Barros, Jr., Interim Chief Executive Officer. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

Equifax will notify these newly identified U.S. consumers directly, and will offer identity theft protection and credit file monitoring services at no cost to them. Information about registering for these services will be included in the notification.

“We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack,” Barros added. “We are committed to regaining the trust of consumers, improving transparency, and enhancing security across our network.”

As the company committed to do, Equifax launched Lock & Alert™ to all U.S. consumers on January 31. This new service, which is free for life, enables consumers to quickly lock and unlock their Equifax credit report using a computer or app downloaded on their mobile device.

Importantly, the company’s forensics experts have found no evidence that Equifax’s core consumer, employment and income, or commercial credit reporting databases were accessed as part of the cyberattack, and the company believes it will have met all applicable requirements to notify consumers.

Since announcing this incident, Equifax has taken steps to communicate with and assist consumers and customers. Among other things, the company has established a web portal advising U.S. consumers to review their account statements and credit reports, identify any unauthorized activity, and protect their personal information from further attack. Additionally, the company offered free identity theft protection and credit file monitoring services to all U.S. consumers regardless of whether or not they were impacted.

Consumers can visit www.equifaxsecurity2017.com for more information about the cybersecurity incident and for answers to frequently asked questions.

Category: Business SectorHackU.S.

Post navigation

← Criminal Network Supplying Identity and Travel Documents Dismantled in Greece – Europol
Report: Number of Healthcare Records Breached Hit Four-Year Low in 2017 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.