The news just keeps getting worse for Equifax

The company has already had to revise their estimates of how many people were impacted by last year's breach more than once, and now, they're having to revise their estimate yet again.  This latest revision comes after company officials had to testify before Congress, which has been formally investigating the matter.

Prior to the release of Equifax's latest "statement of record:

  • 5 million consumers had their Social Security numbers compromised
  • 99 million consumers had address information exposed
  • 3 million consumers had gender information exposed
  • 3 million consumers had their phone numbers exposed
  • 209,000 consumers had their credit card numbers exposed
  • 97,500 consumers had their Tax Identification numbers exposed

Now the company is adding the following:

  • 6 million consumers had their driver's license numbers exposed
  • 12,000 had their Social Security and Taxpayer ID cards exposed
  • 3200 consumers had their passports exposed
  • An additional 3000 had other documents, such as military and state ID's compromised

As bad as it looks that the company has to keep revising their estimates upward, there's a logical reason for it.  The data that was stolen didn't come from a single database.  On top of that, the databases themselves all had highly variable structures, which has made it exceedingly difficult for forensic analysts to accurately assess the extent of the damage.  All that to say, since the process is still ongoing, we may see yet another upward revision of the scope and scale of the breach.

Our perspective

Of course, the company is doing what most companies do in cases like these:  They're offering a year's worth of free credit monitoring to impacted customers.  The ironic part of their offer though, is the fact that Equifax is offering their own credit monitoring service free for a year, which converts to a paid monitoring service after the year is up.  As Congressional officials rightly pointed out, this means that the company is essentially profiting off of its own breach, which is disturbing to say the least.

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cloud Computing Expert | Small Business Technology Consultant | IT Services Provider | 866.995.4488

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller, fast-growth companies in Greater Los Angeles. And have created cost-effective IT solutions, including managed IT support systems, for small business for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs to business and professional associations.

Check out this blog post

"Cyber Security Check List That Will Underscore Your Potential Business Risks"