Equifax hack put more info at risk than consumers knew


The Equifax data breach exposed more of consumers' personal information than the company first disclosed last year, according to documents given to lawmakers.

The credit reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach. It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and — in some cases — driver's license numbers and credit card numbers. It also said some consumers' credit card numbers were among the information exposed, as well as the personal information from thousands of dispute documents.

However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, that a forensic investigation found criminals accessed other information from company records. According to the document, provided to The Associated Press by Sen. Elizabeth Warren's office, that included tax identification numbers, email addresses and phone numbers. Finer details, such as the expiration dates for credit cards or issuing states for driver's licenses, were also included in the list.

The additional insight into the massive breach was first reported by the Wall Street Journal.

Equifax's disclosure, which it has not made directly to consumers, underscores the depth of detail the company keeps on individuals that it may have put at risk. And it adds to the string of missteps the company has made in recovering from the security debacle.

Equifax spokeswoman Meredith Griffanti said that "in no way did we intend to mislead consumers." The company last year disclosed only the information that affected the greatest number of consumers and wanted to "act with the greatest clarity" in terms of the information provided the committee, she said.

Griffanti also said that while the list provided to the committee includes all the potential data points that may have been accessed by criminals, those elements impacted a minimal portion of consumers. And some data — like passport numbers — were not stolen. The company reiterated that the total number of consumers affected is unchanged.

"When you are making that kind of announcement, where do you draw the line? If you saw the list we provided the banking finance committee it was pretty exhaustive," Griffanti said. "We wanted to show them that no stone was left unturned."

But to consumers whose information was exposed, it may feel like yet another slap in the face.

Equifax waited months to disclose the hack. After it did, anxious consumers experienced jammed phone lines and uninformed company representatives. An Equifax website set up to help people determine their exposure was described as sketchy by security experts and provided inconsistent and unhelpful information to many. The company blamed the online customer help page's problems on a vendor's software code after it appeared that it had been hacked as well.

Equifax has tried to make changes, replacing its CEO, as well as spending millions to research and rectify the breach. In January, it launched a service that allows consumers to lock and unlock their credit report. But a test of the site by The New York Times found it unusable in many ways. The company said this experience was an exception and it has made some key changes to the service since it first launched.

The company continues to deal with multiple regulatory investigations into the matter as well as hundreds consumer lawsuits. Warren, D-Mass., released a report on the hack Wednesday that described it as "one of the largest and most significant data security lapses in history."


Reader Comments ...


Next Up in Nation World

Delta ending discount for NRA members 
Delta ending discount for NRA members 

Atlanta-based Delta Air Lines announced Saturday it is ending a discount for National Rifle Association members. The move comes as some other businesses broke ties with the NRA amid debate over gun control in the wake of the Parkland school shooting in Florida earlier this month. “We will be requesting that the NRA remove our information...
Red Cross says 21 staffers paid for sexual service in past 3 years
Red Cross says 21 staffers paid for sexual service in past 3 years

A member of the International Committee of the Red Cross said that in the past three years, 21 staff members have resigned or were fired for “paying for sexual services,” CNN reported. Two other staff members suspected of sexual misconduct also did not have their contracts renewed, according to Yves Daccord, director general of the...
City reviews sale for potential downtown farmers market
City reviews sale for potential downtown farmers market

A historic building in downtown Springfield may become the new indoor, retail space for a farmer’s market. Springfield city commissioners have submitted a 14-day ordinance to approve the sale of Myers Market, at 101 South Fountain Avenue, to SpringForward for $100,000 according to a request for commission action by Assistant City Manager and...
What covering the 2017 NRA convention was like
What covering the 2017 NRA convention was like

Last year’s National Rifle Association convention brought 80,000 people to downtown Atlanta, and on opening day I interviewed some of the nicest people I’d ever met. Given the heated protests that preceded the April 2017 event at the Georgia World Congress Center and the “fake news media” narrative some have embraced, I thought...
Deputy who failed to engage Parkland shooter had solid work history
Deputy who failed to engage Parkland shooter had solid work history

For years, Scot Peterson loved working as a school resource deputy with the Broward Sheriff’s Office in South Florida. He was dependable. He intervened in conflicts as a mediator. He was awarded school resource deputy of the year about four years ago and was recognized at a Parkland City Commission meeting. He volunteered to help with a...
More Stories