The toll is rising.
Equifax has confirmed that an additional 2.4 million consumers were exposed in last year's massive data breach, raising the number compromised by the hack to nearly 148 million.
The company says these consumers were not previously identified because only their partial driver's license information was exposed. By referencing other information in Equifax records that the attackers did not steal, and by engaging the resources of an external data provider, Equifax said it has been able to assign names to that data.
"This is not about newly discovered stolen data," said Paulino do Rego Barros, Jr., Equifax interim CEO. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."
Will notify affected consumers
The newly identified consumers will be notified by Equifax directly. The company said it will offer these consumers free identity theft protection and credit file monitoring services -- services provided to the other 145 million victims.
Last September, Equifax disclosed that hackers gained access to files on as many as 143 million people over a three-month period earlier in the year. That number was later revised to more than 145 million.
According to the company, the cybercriminals used a vulnerability in “a U.S. website application” to gain entry in mid-May 2017. It provided free credit monitoring services to those affected and waived fees to freeze access to consumers' credit reports.
Eva Velasquez, President and CEO of the Identity Theft Resource Center (ITRC) in San Diego, told us back in September that a credit freeze is the best way to prevent your identity from being stolen, but even that isn't foolproof.
To place a credit freeze, you must contact each of the three credit reporting agencies to request one, then contact them again to lift it when you need a business to be able to access your credit.
Since disclosing the data breach, Equifax has replaced its CEO and faced a number of class action lawsuits. However, the Consumer Financial Protection Bureau (CFPB) last month reportedly backed away from a full investigation of the breach.
"We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack," Barros said. "We are committed to regaining the trust of consumers, improving transparency, and enhancing security across our network."