Equifax Reveals Full Extent of Data Breach Damage

Equifax scrutiny
Photo by Casimiro PT / Shutterstock.com

Equifax has revealed new information about the extent of the cybersecurity breach it announced in September.

In response to a congressional inquiry, the credit-reporting agency provided federal lawmakers with estimates for the number of U.S. consumers affected by the data breach.

The data

According to Equifax’s statement to Congress, the types of data that hackers stole — and the approximate number of U.S. consumers affected — are:

  • Name: Approximately 146.6 million U.S. consumers
  • Date of birth: 146.6 million
  • Social Security number: 145.5 million
  • Address information: 99 million
  • Gender: 27.3 million
  • Phone number: 20.3 million
  • Driver’s license number: 17.6 million (including the 2.4 million people whose partial driver’s license information and name were stolen, as Equifax announced in March)
  • Email address: 1.8 million
  • Payment card number and expiration date: 209,000
  • Tax ID: 97,500
  • Driver’s license state: 27,000

Additionally, hackers accessed images that about 182,000 U.S. consumers had uploaded to Equifax’s online dispute portal. Some images included government-issued identification.

As part of the congressional inquiry, Equifax reviewed those images to determine what types of valid government IDs were in the images and the approximate number of images that included each type of ID:

  • Driver’s license: Approximately 38,000 images included this type of ID
  • Social Security or taxpayer ID card: 12,000
  • Passport or passport card: 3,200
  • Other types of ID documents (such as military IDs, state-issued IDs and resident alien cards): 3,000

The details

Equifax’s statement to Congress is publicly accessible via the U.S. Securities and Exchange Commission.

The SEC requires publicly traded companies to report “major events that shareholders should know about” on what’s known as a Form 8-K. Equifax’s Form 8-K regarding its congressional statement is also publicly available, albeit written in the same sterile language as the statement.

Equifax’s congressional statement and event report note that hackers stole data from multiple Equifax database tables. Equifax worked with a cybersecurity firm, Mandiant, to determine the extent of the breach for Congress.

The statement and report also note — repeatedly — that the information above does not represent additional stolen data and does not impact additional consumers.

Additionally, the documents state that Equifax has already notified affected consumers as the law requires.

That does not necessarily mean the breach did not affect you if Equifax did not contact you, though. The company notes legal exceptions. For example:

“With respect to the data elements of gender, phone number, and email addresses, U.S. state data breach notification laws generally do not require notification to consumers when these data elements are compromised, particularly when an email address is not stolen in combination with further credentials that would permit access.”

The aftermath

This latest chapter in the Equifax cybersecurity breach saga reveals a new — and fear-inspiring — level of detail about the extent of the hacking. But it changes little for consumers.

In the wake of learning this news, do the following:

  1. If you don’t already know whether the breach impacted you, you can find out by visiting Equifax’s dedicated “Cybersecurity Incident” website and clicking on the red “Am I Impacted?” button — assuming you’re willing to trust the company with your last name and the last four digits of your Social Security number.
  2. If the breach impacted you, seriously consider freezing your credit with all three nationwide credit reporting companies: Equifax, Experian and TransUnion. Remember, Equifax is offering free credit freezes through June 30.

As we’ve detailed repeatedly, a credit freeze or security freeze is generally the single best way to protect your identity and your finances if you know your sensitive personal information has been compromised. Just don’t let your guard down, as a freeze won’t fully protect you after a data breach.

What’s your take on this news? Sound off below or over on our Facebook page.

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.

Most Popular
New Retirement Bill Would Help Savers of All Ages
New Retirement Bill Would Help Savers of All Ages

With bipartisan support, this bill could help millions of workers and retirees boost or conserve their retirement savings.

If You Find This Thrift Shopping, Buy It
If You Find This Thrift Shopping, Buy It

This iconic dinnerware is prized for everyday use as well as reselling for profit.

3 Colors That Can Ruin Your Car’s Resale Value
3 Colors That Can Ruin Your Car’s Resale Value

Select the wrong color for your next car, and it could depreciate twice as fast as others.

20 Things That Are Actually Worth Stockpiling
20 Things That Are Actually Worth Stockpiling

You don’t need a year’s supply of toilet paper to survive an outbreak, but consider stocking up on these items.

9 of the Best Things to Do When You Retire
9 of the Best Things to Do When You Retire

You’ve waited all your life for this moment. Make the most of your retirement.

Beware This Hidden Ingredient in Rotisserie Chicken
Beware This Hidden Ingredient in Rotisserie Chicken

Something foul may lurk in those delicious, ready-to-eat birds.

View More Articles

View this page without ads

Help us produce more money-saving articles and videos by subscribing to a membership.

Get Started

Add a Comment

Our Policy: We welcome relevant and respectful comments in order to foster healthy and informative discussions. All other comments may be removed. Comments with links are automatically held for moderation.