Equifax, the credit scoring company embroiled in a 2017 data breach scandal, disclosed news on Thursday (March 1) that has identified 2.4 million more consumers in the U.S. whose partial driver’s license information was stolen.
In a press release, Equifax said it was able to pinpoint about 2.4 million consumers by referencing other information in proprietary company records that the hackers didn’t steal and by tapping the resources of an outside data provider. According to the company the 2.4 million U.S. consumers were not previously identified as being impacted by the cyberattack.
The information was partial because, in most of the cases, it didn’t include consumers’ home addresses or the state their driver’s licenses were issued. Nor did it include the dates the license was issued or the expiration dates, Equifax said in the release.
“This is not about newly discovered stolen data,” said Paulino do Rego Barros Jr., interim chief executive officer, in the press release. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers and making connections that enabled us to identify additional individuals.”
Equifax said the method it used in its forensic examination of last year’s cybersecurity incident leveraged Social Security numbers (SSNs) and names as the key data elements to identify who was affected by the breach. This was, in part, because forensics experts had determined the attackers were predominately focused on stealing SSNs. The newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information, Equifax said, noting it will notify them immediately.
“We continue to take broad measures to identify, inform and protect consumers who may have been affected by this cyberattack,” Barros added in the release. “We are committed to regaining the trust of consumers, improving transparency and enhancing security across our network.”