According to a press release issued by Equifax today, a study conducted by Mandiant concluded that approximately 2.5 million additional Americans were affected by Equifax security breach announced on September 7th 2017. This now brings the total number of affected Americans to 145.5 million who have had sensitive information such as addresses, birth dates, phone numbers, and social security numbers exposed to hackers.
This same study indicates that the amount of Canadian citizens whose information was exposed was reduced from over 100,000 to around 8,000. The amount of United Kingdom citizens affected was also determined, but while this information was reported to and being analyzed by UK regulators, it is not being made public at this time.
In today's press release, the newly appointed Equifax CEO, Paulino do Rego Barros, Jr, they are making every effort to be transparent about the investigation and its conclusions.
"I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released," newly appointed interim CEO, Paulino do Rego Barros, Jr. said. "Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis."
Unfortunately, this transparency is coming too late with the original hack taking place on July 29th, 2017, but not being disclosed until early September. This gave hackers over a month to analyze the data that they gathered and potentially perform identity theft on many of the exposed victims.
Overall, this breach has been handled amateurly and with blunder after blunder. Whether it was sending emails containing unknown domain names and looking like a phishing attempt, to using this hack to promote their own identity protection services, or three executives selling shares of Equifax days before the hack's announcement, nothing about this breach has been handled with professionalism or expertise.
It's downright scary that this company is in possession of so much extremely sensitive data for so many U.S. citizens.