Equifax said Thursday that 2.4 million more consumers than previously reported were affected by the massive data breach the company suffered last year, adding to an already stunning toll.
This means that as many as 147.9 million consumers have been affected in some way by the breach, which amounts to about half the country.
The affected people’s compromised information involves partial driver’s license data. It does not include Social Security numbers, which was the focus of earlier analyses of the breach and the reason this group of consumers was not identified sooner, according to the credit reporting company.
“This is not about newly discovered stolen data,” said Paulino do Rego Barros Jr., Equifax’s interim chief executive. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”
This is not the first time Equifax has expanded its estimate of the breach’s impact, which initially was put at 143 million consumers. In October, the company raised its estimate by 2.5 million, to 145.5 million. The company was dragged to Capitol Hill to answer for its missteps, with former chief executive Richard Smith — who by then had resigned in light of the crisis — accepting responsibility for the breach.
Last month, a probe by Sen. Elizabeth Warren (D-Mass.) said the company failed to keep its computer systems adequately up to date and was not forthcoming enough about its description of the damage.
“Our office learned that Equifax lost passport numbers of an unidentified number of Americans,” Warren said in a statement at the time. “Unlike the other sensitive data exposed during the breach, Equifax did not disclose this to the American public.”
Equifax said Thursday that it will extend offers of free credit monitoring to those who are part of the new batch of affected consumers.