Equifax admitted this week that an additional 2.4 million Americans were impacted by the 2017 breach that exposed over 140 million Americans to identity theft.
This brings the grand total to roughly 147.9 million people.
Unlike the first group of consumers, potential data stolen from the second group is limited to names and partial Driver’s License Numbers.
With the first group, hackers had access to names, birth dates, addresses, DLNs, and Social Security numbers. Despite the high risk of identity theft to those affected, Equifax waited six weeks to report the breach.
Now, the company says it will contact all 2.4 million of the additionally affected people and offer the same credit monitoring and identity theft protection services it has been providing for the original victims – although why these people trust Equifax for protection is beyond me.
Equifax could actually be making money on the breach, claimed Massachusetts Senator Elizabeth Warren after introducing legislation aimed to prevent future attacks and hold credit bureaus accountable when a breach occurs.
“The financial incentives here are all out of whack,” says Warren. “Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach.”
If passed, Warren’s bill would give the FTC the authority to inspect companies like Equifax and fine them if they fail to protect consumers’ information.
“Equifax…sells all these credit protection devices, and even consumers who say, ‘Hey, I’m never doing business with Equifax again’ – well, good for you, but you go buy credit protection from someone else, they very well may be using Equifax to do the back office part.”
Editor’s note: Will someone punish these guys for their poor security? Computer security is not rocket science, but you don’t put a music major in charge.