A total of 147.9 million U.S. consumers had information exposed included Social Security numbers and addresses, and the credit card numbers of 209,000 cardholders.
A data breach exposed sensitive personal information of 143 million U.S. consumers, including their names, addresses and Social Security numbers, the credit bureau Equifax said Sept. 7, 2017. In addition, the credit card numbers of 209,000 cardholders were accessed.
Equifax announced Oct. 2, 2017, that a security review found that an additional 2.5 million Americans were potentially impacted by the data breach. That put the total then at 145.5 million.
On March 1 2018, Equifax said it had identified another 2.4 million U.S. consumers whose names and partial drivers’ license numbers were exposed, bringing the total affected to 147.9 million.
More on the Equifax data breach:
The company is offering free credit monitoring and ID theft protection to all U.S. consumers, and Equifax said it will send notices by mail to people whose card numbers were exposed.
It will also notify another approximately 182,000 people whose dispute documents with personal information were accessed.
The credit reporting giant said the information accessed by hackers from mid-May through July primarily includes names, Social Security numbers, birth dates, address and some driver’s license numbers.
While there have been data breaches that affected many more people, this data breach could be one of the largest in U.S. history to include the kind of information identity thieves could use to wreak havoc.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Equifax Chairman and Chief Executive Officer Richard F. Smith.
Equifax to offer free ID theft protection
Equifax said it is offering free ID theft protection to all U.S. consumers in the wake of the breach.
The company set up a web page with information about the breach, including a form for people to sign up for credit monitoring and to determine if their identifying details were involved.
On Jan. 31, Equifax rolled out a free mobile and desktop application called Lock & Alert that lets users control access to their credit report. The app is available to anyone with an Equifax credit report, whether they were affected by the breach or not.
The tool allows you to shut off access to your credit report by pushing a button, blocking fraudsters from opening new accounts in your name.
The breach affected some consumers in Canada and the U.K. as well as the U.S., Equifax said. Hackers gained access to files through a website application, but the company’s main data warehouse of consumer credit reports was not breached, Equifax said.
After discovering the intrusion on July 29, the company said it has been investigating the extent of the breach and scope of records exposed.
Here is a list of steps to take to protect your accounts after a data breach.
One of the largest data breaches on record
As one of the big three credit reporting agencies, Equifax maintains credit files on most U.S. adults with a credit history.
The breach seems likely to rank among the larger exposures of data, according to a list maintained on Wikipedia from sources including the Privacy Rights Clearinghouse. The list includes only seven larger hacks by the number of records exposed, including two at Yahoo, the largest, involving 1.5 billion records total. The Target breach in 2014 exposed 70 million records.
Bloomberg News reported that three senior company executives sold significant amounts of their stock after the company discovered the breach.
See related:Data breach protection: 10 tips