Equifax Hack Might Be Worse Than You Think

Hackers accessed more records, including tax ID numbers and email addresses, 
than Equifax previously thought

From left, Equifax’s interim CEO, Paulino do Rego Barros Jr.; former CEO 
Richard Smith; and Marissa Mayer, the former CEO of Yahoo, testified at a Nov. 
8 hearing of the Senate Commerce, Science and Transportation Committee on how 
to protect consumers in data breaches. PHOTO: ALEX WONG/GETTY IMAGES
By AnnaMaria Andriotis  
Feb. 9, 2018 10:49 a.m. ET

Hackers in the Equifax Inc. EFX 0.48%▲ breach accessed more of consumers’ 
personal information than the company disclosed publicly last year.
Equifax said, in a document submitted to the Senate Banking Committee and 
reviewed by The Wall Street Journal, that cyberthieves accessed records across 
numerous tables in its systems that included such data as tax identification 
numbers, email addresses and drivers’ license information beyond the license 
numbers it originally disclosed.
The revelations come some five months after Equifax announced it had been 
breached and personal information belonging to 145.5 million consumers had been 
compromised, including names, Social Security numbers, dates of birth and 
addresses. The fact that hackers accessed even more data shows both the vast 
amount of information that Equifax holds and the risks at stake for consumers, 
given the level of personal information that has been compromised.
It’s unclear how many of the 145.5 million people are affected by the 
additional data including tax ID numbers, which are often assigned to people 
who don’t have Social Security numbers. Hackers also accessed email addresses 
for some consumers, according to the document and an Equifax spokeswoman, who 
said “an insignificant number” of email addresses were affected. She added that 
email addresses aren’t considered sensitive personal information because they 
are commonly searchable in public domains.
“We have complied with applicable notification requirements in the disclosure 
process,” the spokeswoman said, adding that the company has sent mail notices 
to consumers whose credit card numbers and certain other documents were 
As for tax ID numbers, the Equifax spokeswoman said they "were generally housed 
in the same field” as Social Security numbers. She added that individuals 
without a Social Security number could use their tax ID number to see if they 
were affected by the hack.
Equifax also said, in response to questions from The Wall Street Journal, that 
some additional drivers’ license information had been accessed. The company 
publicly disclosed in its Sept. 7 breach announcement that drivers’ license 
numbers were accessed; the document submitted to the banking committee also 
includes drivers’ license issue dates and states.
The Equifax spokeswoman said the “additional driver’s license information 
accessed other than the driver’s license number was extremely minimal” and 
“anyone with a potentially affected driver’s license number” can also look up 
their status on an Equifax website.
On Wednesday, Massachusetts Democratic Sen. Elizabeth Warren, who is on the 
banking committee, released a report on the Equifax hack and the company’s 
After disclosing the hack in September, Equifax announced that several 
executives, including chief executive Richard Smith, would retire. Mr. Smith 
was replaced by an interim chief executive, Paulino do Rego Barros Jr.
In the weeks following, Mr. Smith and Mr. Barros appeared before congressional 
committees to discuss the breach; Mr. Barros stated that the company quadrupled 
spending on security and updated its security tools since the breach.
In January, Equifax launched a free service allowing consumers to lock and 
unlock their Equifax credit report, a way to help limit access to it. The 
service is aimed at lessening the chances of fraudsters opening credit card 
accounts or other loans in consumers’ names.
Infowarrior mailing list

Reply via email to