It’s been five months since consumer credit reporting agency Equifax finally told the public that its database was hacked. Back then, they said that the thieves retrieved addresses, birthdates, names, and Social Security numbers. Now, the Wall Street Journal reports that breach is worse than we initially thought.
Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers’ license information beyond the license numbers it originally disclosed.
Unsurprisingly, an Equifax spokesperson tried to play down the breach in response to questions from the WSJ. The spokeswoman insinuates that it’s really not that big of a deal.
Hackers also accessed email addresses for some consumers, according to the document and an Equifax spokeswoman, who said “an insignificant number” of email addresses were affected. She added that email addresses aren’t considered sensitive personal information because they are commonly searchable in public domains.
While an email address alone may not be sensitive information, it definitely can help hackers who already have access to a plethora of other, very sensitive information. Worried about your driver’s license information? Equifax doesn’t offer any specifics but insists that the breach is “minimal”—I doubt the people affected by this would agree.
The Equifax spokeswoman said the “additional driver’s license information accessed other than the driver’s license number was extremely minimal” and “anyone with a potentially affected driver’s license number” can also look up their status on an Equifax website.
I have a feeling this won’t be the last we hear about this hack and the vast amount of personal information stolen from Equifax. Unsurprisingly, Equifax stock prices are falling in light of the news.