More Equifax breach victims have been discoveredAn announcement posted to the official Equifax cybersecurity incident website on March 1, 2018 states that the company has identified an additional 2.4 million consumers whose information was involved in the massive data breach first disclosed in September 2017. This brings the total number of data breach victims up from the initially reported 145.5 million to a whopping 147.9 million people. Coming shortly on the heels of an admission to the Senate Banking Community that the extent of the breach was much larger than Equifax initially led Congress and the public to believe, this is just one more misstep in a line of missteps that stretches quite far. Here’s what you need to know about these newly discovered Equifax breach victims and what you can do if you’re one of them.

The additional Equifax breach victims are not part of a new incident

Fortunately, Equifax has assured the public that these newly discovered breach victims are not part of a new or previously undiscovered data breach. Instead, the company stated that in the process of its ongoing analysis of the cybersecurity incident, it uncovered the identities of approximately 2.4 million people whose partial driver’s license information was stolen. They identified these people by referencing other data within Equifax servers (data that was not stolen, the official statement emphasizes) and engaging with “resources of an external data provider.” The primary takeaway for these new breach victims are:

  • Only partial information was stolen in most cases, primarily driver’s license numbers. Other details, like home address, the state of issue, date of issue and expiration date, were not accessed simultaneously.
  • None of these 2.4 million people were previously identified, which means their information is not found when using the “Am I Impacted?” tool on the Equifax cybersecurity incident website.
  • Equifax will be notifying these individuals via U.S. postal mail, so there’s no need for them to take any action at this point in time.

In addition to notifying those involved directly by mail, Equifax will be offering them free identity theft protection and credit monitoring, though the company did not disclose whether it would be the same TrustedID Premier service offered to the original 145.5 million breach victims.

What can potential victims do?

Unfortunately, there’s not a whole lot that most people can do. Until these 2.4 million people receive letters in the mail, they have no way to know that their information was even compromised. The rule of thumb when it comes to the Equifax breach seems to be that everyone, whether the official Equifax tool indicated it or not, should presume themselves compromised and take protective measures. Chiefly, if you haven’t frozen your credit reports yet, now is a great time to finally get around to that. While it won’t prevent everyone (like your current credit card issuer) from accessing your credit reports, it will stop new credit accounts from being opened in your name. Additionally, if you have yet to file your taxes, the sooner the better since tax identity theft is easy peasy when cybercriminals possess the kind of intimate personal information that was stolen from Equifax’s servers. Finally, urging your local and federal representatives to support legislation to make it so that companies like Equifax have to notify the public earlier and face harsher consequences for lax cybersecurity is one of the best ways to protect yourself — and future generations — in years to come.

Just recently, the Securities and Exchange Commission (SEC) released a series of updated guidelines for public companies on the proper handling of cybersecurity incidents and risks. This included requiring timely notification of issues, as well as preventing officials and executives from trading shares of stock if they have unpublicized knowledge of a security incident within their company. If you’ll remember, this was something that caused some controversy in the Equifax aftermath. And Senator Elizabeth Warren has been leading the charge in Washington to investigate and hold the credit bureau accountable for its mistakes and actions before and after the breach.

Whether this is the last we’ll hear of the Equifax breach, or there’s more to come, you can count on our identity theft protection blog to keep you up to date on this and other cybersecurity issues.