The Equifax security breach in 2017 was worse than we thought: Millions more people had their social security number, name, and date of birth revealed. Hackers also made off with 56,200 ID documents like passports and drivers licenses.
Equifax, the credit agency targeted by an infamous hack that exposed the personal data of nearly half of the population of the United States, revealed more details about the incident in a federal filing on Monday evening.
The upshot: The breach was worse than Equifax originally said.
The company originally said 143 million customers were affected. Now, after reviewing all of the affected data, Equifax says that it was 146.6 million people who had their name and date of birth exposed, and 145.5 million of those who had their social security number (SSN) exposed.
Furthermore, 27.3 million people had their gender exposed, 20.3 million had their phone number exposed, and 1.8 million people had their email addresses exposed. In the filing, Equifax expressed its view that under the law, this information wasn't considered sensitive enough to warrant a new notification to customers.
Also troublesome for consumers is that Equifax announced the scale of the leak, when its online resolution portal — where customers can dispute items in their credit report — was breached in September.
This means that 56,200 passports, driver's licenses, security cards, taxpayer IDs and other personal documents were also leaked. Equifax says in the filing that it notified customers affected by this breach individually, and wasn't required to do a broad disclosure upon delivery.
Here are the key charts, taken from the SEC filing: