Equifax has confirmed more Americans are impacted by the cyberattack that targeted the credit rating giant last year than was first revealed.
The company said in a statement Thursday that an ongoing analysis showed 2.4 million more Americans had their names and partial drivers’ license information stolen, but they were not previously thought to have been affected.
The company said the additional information was “partial,” because in most cases the stolen data didn’t include consumers’ home addresses or other information on their drivers’ licenses.
Equifax initially said 143 million consumers were affected by the data breach but later revised that figure to 145.5 million.
Equifax collects and holds data on more than 800 million consumers worldwide.
The hack became the largest single data breach reported in 2017.
Last month, Equifax made headlines again after a leading senator criticized the company for failing to reveal that hackers had stolen tax identification numbers (TINs), email addresses, and additional license information — such as issue dates and by which state — which was not originally disclosed.
It was the latest twist in a long-running saga of mistakes and missteps made by the company, which has been accused of persistently botching its response to the hack. Not only did Equifax take four months to disclose the hack, the breach was later attributed to a vulnerable server that the company had failed to patch earlier in the year. After the hack was eventually disclosed, Equifax struggled to inform its users — many of which had no idea the company was hoarding data on them in the first place — if they were vulnerable.
Although lawmakers are continuing to investigate the breach, the government body charged with consumer protections, the Consumer Financial Protection Bureau, halted its investigation following a change in leadership.