[Infowarrior] - Equifax Hack Might Be Worse Than You Think

[Richard Forno]

Equifax Hack Might Be Worse Than You Think
https://archive.is/x4HBa#selection-2053.0-2285.269

Hackers accessed more records, including tax ID numbers and email addresses, than Equifax previously thought

From left, Equifax’s interim CEO, Paulino do Rego Barros Jr.; former CEO Richard Smith; and Marissa Mayer, the former CEO of Yahoo, testified at a Nov. 8 hearing of the Senate Commerce, Science and Transportation Committee on how to protect consumers in data breaches. PHOTO: ALEX WONG/GETTY IMAGES
By AnnaMaria Andriotis  
Feb. 9, 2018 10:49 a.m. ET
0 COMMENTS  

Hackers in the Equifax Inc. EFX 0.48%▲ breach accessed more of consumers’ personal information than the company disclosed publicly last year.
Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers’ license information beyond the license numbers it originally disclosed.
The revelations come some five months after Equifax announced it had been breached and personal information belonging to 145.5 million consumers had been compromised, including names, Social Security numbers, dates of birth and addresses. The fact that hackers accessed even more data shows both the vast amount of information that Equifax holds and the risks at stake for consumers, given the level of personal information that has been compromised.
It’s unclear how many of the 145.5 million people are affected by the additional data including tax ID numbers, which are often assigned to people who don’t have Social Security numbers. Hackers also accessed email addresses for some consumers, according to the document and an Equifax spokeswoman, who said “an insignificant number” of email addresses were affected. She added that email addresses aren’t considered sensitive personal information because they are commonly searchable in public domains.
“We have complied with applicable notification requirements in the disclosure process,” the spokeswoman said, adding that the company has sent mail notices to consumers whose credit card numbers and certain other documents were impacted.
As for tax ID numbers, the Equifax spokeswoman said they "were generally housed in the same field” as Social Security numbers. She added that individuals without a Social Security number could use their tax ID number to see if they were affected by the hack.
Equifax also said, in response to questions from The Wall Street Journal, that some additional drivers’ license information had been accessed. The company publicly disclosed in its Sept. 7 breach announcement that drivers’ license numbers were accessed; the document submitted to the banking committee also includes drivers’ license issue dates and states.
The Equifax spokeswoman said the “additional driver’s license information accessed other than the driver’s license number was extremely minimal” and “anyone with a potentially affected driver’s license number” can also look up their status on an Equifax website.
On Wednesday, Massachusetts Democratic Sen. Elizabeth Warren, who is on the banking committee, released a report on the Equifax hack and the company’s response.
After disclosing the hack in September, Equifax announced that several executives, including chief executive Richard Smith, would retire. Mr. Smith was replaced by an interim chief executive, Paulino do Rego Barros Jr.
In the weeks following, Mr. Smith and Mr. Barros appeared before congressional committees to discuss the breach; Mr. Barros stated that the company quadrupled spending on security and updated its security tools since the breach.
In January, Equifax launched a free service allowing consumers to lock and unlock their Equifax credit report, a way to help limit access to it. The service is aimed at lessening the chances of fraudsters opening credit card accounts or other loans in consumers’ names.