In the fall of 2017, Equifax, one of the three major consumer credit reporting agencies in the United States, reported a staggering breach of its consumer data files. As recounted in this Avvo Story, the breach ranked as one of the largest cyberattacks ever against a major financial services corporation. Moreover, it shone a harsh spotlight on the questionable actions of top Equifax executives.
New victims found in Equifax breach
Initially, Equifax reported that the breach exposed sensitive data of an estimated 143 million consumers. The company later raised that number to 145.5 million. And on March 1, 2018, Equifax acknowledged that an additional 2.4 million consumers were impacted by the breach, bringing the estimated total to 147.9, or nearly half the population of the United States. The latest group of affected consumers appear to have had their driver’s license data compromised, but, unlike earlier reported victims, their Social Security numbers were not breached.
This revelation of additional victims has led to congressional calls for a wider investigation of the breach and Equifax’s response. Senator Elizabeth Warren (D-Mass.) has complained that the company has failed to disclose the full extent of the breach, and Representative Greg Walden (R-Ore.), chairman of the House Energy and Commerce Committee, has criticized Equifax’s responses to the committee’s requests for documentation of the breach.
As has become customary after such security breaches, Equifax says it will offer free credit monitoring and identity theft protection services to the newly identified victims. But a year or two of free services seems like a hollow gesture to many consumers, whose data will likely live on indefinitely on the dark web.