Equifax confirmed the initial cybersecurity incident in September 2017, noting that criminals exploited a U.S. website application vulnerability to gain access to certain files. (Reuters)
Equifax has confirmed that the massive data breach it announced last year is larger than previously thought, affecting an additional 2.4 million U.S. consumers.
New details of the breach were announced by the credit reporting company Thursday, taking the total number of victims to 147.9 million. The company says the additional consumers only had their names and part of their driver's license numbers stolen, unlike the original 145.5 million Americans who had their Social Security numbers impacted.
Attackers were unable to get the state where the license was issued, the date of issuance or its expiration date.
“This information was partial because, in the vast majority of cases, it did not include consumers' home addresses, or their respective driver's license states, dates of issuance, or expiration dates,” the company explained in a statement.
EQUIFAX COULD MAKE MONEY FROM ITS OWN BREACH; 2.4 MILLION MORE ARE EXPOSED
Equifax confirmed the initial cybersecurity incident in September 2017, noting that criminals exploited a U.S. website application vulnerability to gain access to certain files.
It remains the largest data breach of personal information in history.
Security experts have voiced their concern about the worsening scale of the data breach.
Tom Kemp, CEO of identity and access management specialist Centrify, described the 147.9 million affected consumers as an “alarming” number.
“Despite an increase in security investments, breaches continue to rise," Kemp said in an email to Fox News. "The fact is, four out of five breaches (including those experienced by Equifax, Yahoo!, Uber, HBO, and more) exploit compromised identities, stolen passwords or privileged access.”
He added: “Yet despite cybercriminals’ focus on identity, most organizations aren’t making the clear connection between breaches and compromised credentials.”
BIGGEST DDOS ATTACK ON RECORD HITS GITHUB
“As we thought, the Equifax breach was way worse than we all knew,” added John Callahan, CTO of biometric authentication company Veridium, in an email to Fox News. “When it comes to data breaches, few compare to the damage that has, and likely will continue to come from information leaked.”
One answer to consumers’ cybersecurity woes could be the emerging concept of self-sovereign identity, according to Callahan. Self-sovereign identity, which uses the highly secure blockchain data protocol, aims to give users control over their identity data, regardless of where it is stored.
In a recent blog post, Veridium used the example of a travel booking website only needing someone's passport and payment information to complete a purchase. “Blockchain could allow the airline company to request the information that it needs– and only the information that it needs– and then allow you to transmit that information securely.”
HACKERS HIJACK TESLA SYSTEM IN BOLD CRYPTOCURRENCY ATTACK
Equifax says it will reach out to all newly impacted consumers and will provide the same credit monitoring and identity theft protection services they have been offering to the original victims.
The Associated Press contributed to this article. Follow James Rogers on Twitter @jamesjrogers
Get a daily look at what’s developing in science and technology throughout the world.