Equifax data breach may affect 2.5 million more customers than originally stated, the overall number of exposed individuals reached 145.5 million.
Earlier this week, Equifax announced that additional 2.5 million U.S. consumers were exposed as a result of the massive data breach that affected the company in September. The credit reporting agency confirmed that a total of 145.5 million individuals have been exposed, hackers accessed names, social security numbers, dates of birth, addresses and, in some cases, driver’s license numbers and credit card numbers.
The company hired the security firm Mandiant to investigate the incident, it has already completed the forensic analysis of the affected systems.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” said the appointed interim CEO, Paulino do Rego Barros, Jr. “Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.”
According to Equifax, Mandiant was not able to find further evidence of new attacker activity or any unauthorized access to new databases or tables. and concluded that there is no evidence the attackers accessed databases located outside of the United States.
The experts have found no evidence the attackers have accessed databases located outside of the United States, personal information of only approximately 8,000 Canadian consumers was exposed. The figure is lower than previous thought, it was initially estimated that 100,000 Canadian consumers were affected.
“That number was preliminary and did not materialize,” Equifax said.
The Equifax hackers exploited a Struts 2 vulnerability, tracked as CVE-2017-5638, that was discovered in March.
In a statement to a congressional committee on Monday, former Equifax CEO Richard Smith explained that the company failed to patch the flaw in March after becoming aware of it. This admission aggravates the position of the company, according to Equifax policy, it experts would have required a patch to be applied within 48 hours.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.