Confidential documents filed with the Senate Banking Committee suggest that Equifax could have lost considerably more personal information about over 145 million Americans to hackers than it’s publicly let on, CNN Money reported.
While Equifax had disclosed that names, dates of birth, and Social Security numbers might have been compromised, as well as some drivers’ license numbers, the documents reveal that the license state and date of issue of those licenses might have been exposed. According to the Wall Street Journal, additional information that Equifax may have lost includes tax identification numbers (which the Internal Revenue Service sometimes assigns in lieu of an SSN) and email addresses.
An Equifax spokeswoman told the Journal the company complied with regulatory requirements and that they didn’t consider the “insignificant” number of email addresses lost to be sensitive because they’re often publicly accessible. Similarly, the company downplayed the new revelations to CNN Money:
Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the full list of potentiality exposed information.
The new documents immediately bring Equifax’s credibility into even further question following numerous other damaging revelations, including a malware-infested website, executives who dumped stock after the company discovered the hack, and the news the company was warned months before about security vulnerabilities and did nothing.
This week, Sen. Elizabeth Warren issued a report on the Equifax hack which concluded that the company could be hiding that it also lost passport numbers. In a follow-up letter on Friday, Warren demanded the company immediately release the full extent of the possibly compromised information and denounced its “incomplete, confusing and contradictory statements.” Equifax told the New York Post hackers had simply “accessed” a database with a “field labeled passports with no actual data in it,” which seems more than a little curious.
The identities of the person or persons who breached Equifax is still, as of yet, a mystery, though some suspect they might have been state-sponsored hackers.