The revised estimate includes an additional 2.5 million U.S. consumers, bringing the total number of potentially exposed people to 145.5 million. Cybersecurity firm Mandiant -- which conducted the review – said that it found no evidence of new or additional hacker activity, and that the revised number was reached through a forensic investigation and quality assurance procedures.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed the results be promptly released,” said Equifax interim CEO Paulino do Rego Barros, Jr.
“Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.”
Fewer international consumers affected
While millions of additional U.S. consumers may have been affected by the breach, the review found no evidence that hackers accessed databases outside the U.S., which nixes previous estimates that as many as 100,000 Canadian citizens had been impacted.
Instead, Mandiant says that approximately 8,000 Canadian consumers may have been impacted by the breach due to affected credit cards. Equifax says that it will be mailing written notices to all of these consumers.
Additionally, Equifax says that an investigation into how many United Kingdom consumers were affected by the breach is being analyzed in the United Kingdom.
“I want to apologize again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices,” said Barros. “We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements.”