Equifax Reveals 2.4 Million Consumers Had Additional Info Stolen in 2017 Breach

Interim Equifax CEO Paulino do Rego Barros, Jr. on on Capitol Hill in Washington, Wednesday, Nov. 8, 2017. Photo: AP

Equifax announced new details on Thursday regarding the personal consumer data stolen during its disastrous data breach last year.

Previously undisclosed, the credit reporting agency said it had now identified approximately 2.4 million US consumers whose names and driver’s license information were stolen. In the “vast majority of cases,” the company said, the driver’s license numbers were not combined with additional pertinent information, such as home addresses, home states, or the licenses’ expiration dates.


Equifax said it had not previously reported the stolen records because its forensic investigation was focused predominantly on the theft of Social Security Numbers. The affected customers will be notified by the company directly, the company said.

“We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack,” Equifax interim CEO Paulino do Rego Barros, Jr., said in a statement.

The Equifax breach, first reported in September 2017, is widely considered the largest breach of consumer data in US history. Roughly 148 million Americans were impacted.


Earlier this week, a prominent US lawmaker accused Equifax of profiting off the breach. Sen. Elizabeth Warren, Democrat of Massachusetts, told Marketplace that Americans who’ve decided not to business with Equifax may still be paying the company when they sign up for outside credit-protection services.

“Equifax may actually make money off this breach because it sells all these credit-protection devices, and even consumers who say, ‘Hey, I’m never doing business with Equifax again’—well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part,” said Warren, author of legislation co-sponsored by Sen. Mark Warner aimed at holding credit reporting agencies financial liable for breaches involving sensitive consumer data.


Share This Story

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD