Equifax data breach made an even larger impact than previous estimates

3 Oct 2017

US Capitol, Washington DC. Image: Tupungato/Shutterstock

The fallout from the massive customer data breach of Equifax continues.

Cybersecurity firm Mandiant has completed its forensic investigation into the data breach disclosed by Equifax in September.

Equifax is in further trouble, as a statement confirmed that an additional 2.5m US customers were potentially impacted, raising the overall figure to 145.5m customers.

According to Equifax, there is currently no evidence of additional or new hacker activity, and no proof has been found that databases outside of the US were accessed.

The information pertaining to customers in the UK is now being analysed, and Equifax is in discussions with UK regulators regarding the scope of the company’s consumer analysis.

Interim CEO Paulino do Rego Barros Jr was contrite in his statement: “I want to apologise again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices.”

He continued, explaining that regime changes are underway at the Atlanta credit reporting firm: “We also continue to work closely with our internal team and outside advisers to implement and accelerate long-term security improvements.”

Former CEO Richard Smith, who presided over the company during the breach, is due to face Congress today (3 October). According to The New York Timeshe plans to tell the first group of interrogators that “Equifax was entrusted with Americans’ private data, and we let them down”.

Equifax slow to respond to warnings

According to Smith, the Department of Homeland Security sent an alert to Equifax and others about a critical vulnerability in software used to record customer disputes in early March of this year.

The vulnerability remained unpatched and attackers used the flaw to gain access to the information, remaining undetected until late July when suspicious activity was noted on its network. The scale of the breach was apparently not discovered until mid-August.

Equifax holds data on more than 820m consumers as well as information on 91m companies.

US Capitol, Washington DC. Image: Tupungato/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects