Equifax Data Breach: New chart shows exactly how much information was stolen

|
Equifax data breach - Clark Howard credit freeze guide
Image Credit: Dreamstime
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

We thought it couldn’t get any worse, but once again, we were wrong.

The Equifax data breach exposed far more information about consumers than we had been led to believe.

The full scope of the massive hack has emerged just this week because the credit-reporting agency disclosed it to the Securities and Exchange Commission in a filing. What is revealed is that the company has once again revised the number of people affected, as well as made some new admissions.

In September 2017, the Atlanta-based company told the public that millions of people may have had their personal data exposed when “criminals” hacked a website application vulnerability.

Equifax finally reveals full scope of data breach

The company initially said that names and Social Security numbers were involved in the data breach. But much of the other information, like how many driver’s license numbers were exposed, was played down.

For example, in February, Equifax denied that passports were part of the treasure trove of personal info that criminals made off with last year, when as many as 148.5 million people had their data exposed. In the SEC filing, Equifax says passports were indeed part of the illicit catch.

In their “Statement For The Record,” disclosed Monday, Equifax said, “As a result of its analysis of the standardized data elements, including using data not stolen in the attack, the company was able to confirm the approximate number of impacted U.S. consumers for each of the following data elements: name, date of birth, Social Security number, address information, gender, phone number, driver’s license number, email address, payment card number and expiration date, TaxID, and driver’s license state.”

RELATED: People are taking Equifax to small claims court and winning

Here is what Equifax said the thieves stole in the data breach, along with the number of people affected:

Name First Name, Last Name, Middle Name, Suffix, Full Name 146.6 million
Date of Birth D.O.B. 146.6 million
Social Security Number2 SSN 145.5 million
Address Information Address, Address2, City, State, Zip 99 million
Gender Gender 27.3 million
Phone Number Phone, Phone2 20.3 million
Driver’s License Number3 DL# 17.6 million
Email Address (w/o credentials) Email Address 1.8 million
Payment Card Number and Expiration Date CC Number, Exp Date 209,000
TaxID TaxID 97,500
Driver’s License State DL License State 27,000

“Separately from the elements described above … the attackers also accessed images uploaded to Equifax’s online dispute portal by approximately 182,000 U.S. consumers,” the company told the SEC. Equifax said that between October and Decemer 2017, it notified all consumers affected by the image heist.

Equifax said that because some consumers may have uploaded government-issued identifications through their portal, they didn’t initially analyze the images. But they have manually reviewed them since then. Here is the type and approximate number of images the hackers were able to access:

  • Driver’s License images —38,000
  • Social Security or Taxpayer ID Card images — 12,000
  • Passport or Passport Card images — 3,200
  • Other images (military IDs, state-issued IDs, resident alien cards) — 3,000

After more than eight months of wrangling, Equifax said it “believes it has satisfied applicable requirements to notify consumers and regulators. It does not anticipate identifying further impacted consumers.”

Understandably, you may feel uneasy about the load of personal information that may be in the hands of crooks and hackers. But there’s something you can do about it.

Data breach protection: What to do

Money expert Clark Howard recommends a two-pronged approach to protecting yourself (and, in fact, advised consumers to do this even before the Equifax breach). Here’s what to do:

  1. Sign up for a Credit Karma or Credit Sesame account to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.
  2. Freeze your credit at the three major credit-reporting bureaus. Here’s an in-depth guide on how to contact Equifax, TransUnion and Experian to freeze your accounts.

Aside from congressional committees, Equifax has largely escaped federal scrutiny. But on the local level, states are trying to put safeguards in place. Here’s how to contact your own representatives.

RELATED: Massachusetts Equifax case bodes well for consumers

Advertisement
Craig Johnson is a conscious money-saver who still reads paperback books and listens to vinyl. He likes to write about how technology is making things easier and more affordable — but also sometimes more dangerous — for the modern consumer. You can reach Craig at [email protected]
View More Articles
  • Show Comments Hide Comments