Equifax Inc. (EFX), the credit reporting giant that suffered one of the largest data breaches in history last year, is under pressure to disclose the full extent of the cyberattack that put data on 145.5 million Americans at risk. (See also: How to Sue Equifax With a Chatbot—No Lawyer Needed.)
On Friday, The Wall Street Journal reported that Equifax had submitted a document to the Senate Banking Committee indicating that cyber criminals had accessed U.S. citizens’ email addresses, tax ID numbers and more driver license information than the company had previously said.
The data breach, which is thought to have occurred between mid-May and July of 2017, was announced in September and has cost Equifax about 20% of its market value. Last year, it was reported that a hack at Equifax had exposed names, Social Security numbers, birth dates and addresses of approximately 44% of the U.S. population.
Senator Demands Response to Investigation
Sen. Elizabeth Warren, referencing a report following a four-month investigation by her office into the data breach, suggested that hackers also gained access to customers’ passport numbers. The Massachusetts Democratic is now pushing for a quick response from Equifax, including details about any more data that may have been stolen.
“We have complied with applicable notification requirements in the disclosure process,” the Atlanta-based credit reporting company told the WSJ, suggesting the additional driver license data, which reportedly involved issue dates and states that granted them, was “extremely minimal.” The company added that the newspaper’s account “was not new information” and that the information disclosed in September included details affecting the majority of its customers, but was not a exhaustive list. Equifax said that the results of the forensic investigation showed that passport numbers were not included in the information accessed by the hackers. (See also: Equifax Tries to Save Face With Free Credit Freeze.)