Equifax announced new details on Thursday regarding the personal consumer data stolen during its disastrous data breach last year.
Previously undisclosed, the credit reporting agency said it had now identified approximately 2.4 million US consumers whose names and driver’s license information were stolen. In the “vast majority of cases,” the company said, the driver’s license numbers were not combined with additional pertinent information, such as home addresses, home states, or the licenses’ expiration dates.
Equifax said it had not previously reported the stolen records because its forensic investigation was focused predominantly on the theft of Social Security Numbers. The affected customers will be notified by the company directly, the company said.
“We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack,” Equifax interim CEO Paulino do Rego Barros, Jr., said in a statement.
The Equifax breach, first reported in September 2017, is widely considered the largest breach of consumer data in US history. Roughly 148 million Americans were impacted.
Earlier this week, a prominent US lawmaker accused Equifax of profiting off the breach. Sen. Elizabeth Warren, Democrat of Massachusetts, told Marketplace that Americans who’ve decided not to business with Equifax may still be paying the company when they sign up for outside credit-protection services.
“Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, ‘Hey, I’m never doing business with Equifax again’—well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part,” said Warren, author of legislation co-sponsored by Sen. Mark Warner aimed at holding credit reporting agencies financial liable for breaches involving sensitive consumer data.