Equifax, the credit bureau attacked by a notorious hack that divulged the personal data of nearly half of the United States population, revealed more details on Monday evening in a federal submission the incident. Conclusion: The break was worse than Equifax originally said.
The company originally said that 143 million customers were affected; Now, after reviewing all the data involved, Equifax says it was 146.6 million people who had given their name and date of birth and 145.5 million of those who had issued their social security numbers.
In addition, 27.3 million people had their sex, 20.3 million had their phone numbers and 1.8 million people had disclosed their e-mail addresses. In the notification, Equifax expressed its view that, by law, this information would not be considered sensitive enough to justify re-notifying customers.
Also problematic for consumers is that Equifax announced the extent of the leak when the online resolution portal, where customers can complain about articles in their credit report, was breached in September.
This means that 56,200 passports, driving licenses, security cards, taxpayer identity cards and other personal documents have also been leaked. Equifax explains in the application that it individually notified customers affected by this breach and was not required to provide a broad disclosure upon delivery.
Here are the main charts from the SEC filing: