US credit bureau Equifax said Thursday it identified an additional 2.4 million American consumers affected by last year’s massive data breach that sparked a public outcry and a congressional probe.
The company’s forensic investigation revealed the new identities on top of the 146 million affected in the attack that exposed victims’ personal details, including names, birth dates and social security numbers.
“This is not about newly discovered stolen data,” said Paulino do Rego Barros, who took over as interim chief executive last year at the scandal-hit credit agency.
“It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”
Equifax said the newly identified consumers were not previously informed because their social security numbers — which appeared to be the focus of the hackers — were not stolen together with their partial driver’s license information.
Equifax said it would notify these consumers and will offer identity theft protection and credit file monitoring services.
The Atlanta-based company, which tracks consumer financial data to help establish credit ratings, is now facing state and federal investigations as well as class-action lawsuits over the breach.
While the breach was not the largest in history, it has been considered among the most damaging because of the sensitive information held by Equifax and the potential for that data to be used in identity theft or other crimes.
