The infamous Equifax data breach has once more expanded, the company announced last week that a further 2.4 million consumers in the United States had their information stolen by hackers.
The widely reported breach was first disclosed in September, at the time it was reported that Equifax had 143 million consumers private information stolen. The private data that was stolen included Social Security numbers, dates of birth, addresses and even some driver’s licenses. The month after the discovered breach. Equifax revised that estimate the following month and said an addition 2.5 million people had their data stolen. The latest development came in a March 1, 2018, announcement that 2.4 million more U.S. consumers had their data stolen.
In a statement released today Equifax commented:
“Through these additional efforts, Equifax was able to identify approximately 2.4 million U.S. consumers whose names and partial driver’s license information were stolen, but who were not in the previously identified affected population discussed in the company’s prior disclosures about the incident. This information was partial because, in the vast majority of cases, it did not include consumers’ home addresses, or their respective driver’s license states, dates of issuance, or expiration dates.”
The additional 2.4 million consumers had their names and partial driver’s license information stolen in the Equifax data breach. The information stolen does not include home addresses, the state of issue for the license, the issued date or the expiration dates. These consumers also did not have their Social Security numbers stolen; Equifax claimed that is why this wasn’t discovered during the initial investigations.
The statement went on further:
“The methodology used in the company’s forensic examination of last year’s cybersecurity incident leveraged Social Security numbers (SSNs) and names as the key data elements to identify who was affected by the cyberattack,” the company said in its announcement. “This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs. Today’s newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information.”
Equifax said it “will notify these newly identified U.S. consumers directly” and offer them free credit monitoring and identity theft protection. However, this appears just to be an attempt to save face.
Regarding the investigations being conducted, Equifax believed that they had in fact “uncovered everything” following the initial breach last September. Yet still, this is not the first amendment they have had to make with regards to the extent of the hack and data being exposed.
Last month, it was confirmed that the data breach included more types of data such as tax identification numbers, email addresses and drivers license. This addition, which was not actually disclosed to the public directly – it was instead, reported by the Wall Street Journal who had a Senate Banking Committee document leaked to them.
Equifax stated that the discovery of the 2.4 million newly affected consumers came to light as part of “ongoing analysis” into the breach
The company’s stock price is now higher before the cyber-attack took place, but the worst may yet be to come with regulators and consumer right groups across the world preparing legal cases. Equifax has also spent millions on belatedly upgrading its technology and security infrastructure.
What Can be learned?
The problems faced by Equifax illustrate the importance of cyber security. Ensuring that digital disaster recovery is in place requires a full copy of data to be held in at least one off-site location, whether this is a backup site or disaster recovery site. This data can then be securely accessed in a disaster recovery scenario, helping organisations get back to operational capacity.
Redstor has been assisting organisations in backup, disaster recovery and archiving for 20-years and have helped thousands of organisations securely protect data off-site. To find out more about disaster recovery and learn how Redstor can help you recover from a disaster, get in touch now.