Equifax has once again revised the number of people potentially impacted by 2017’s massive data breach, telling Congress that tens of thousands more could be compromised after hackers possibly obtained images of their driver’s licenses, passports, and other identifying papers.
The announcement, which the company has not previously revealed, is tied in with last September’s hacking incident, in which the Social Security information of 145.5 million Americans might have been compromised.
Equifax said hackers accessed photos of 38,000 driver’s licenses, 12,000 Social Security or taxpayer ID cards, 3,200 passports, and 3,000 other documents, such as military IDs or state-issued IDs.
The images were uploaded by consumers to the firm’s online dispute portal. That tool was put in place to let people dispute inaccuracies in their Equifax credit files.
The disclosure came via an SEC filing which provided more detail on the data elements stolen in the attack. Congressional committees received the information last Friday, according to the filing.
“The statement provided additional detail on the data elements stolen in the cybersecurity incident related to those U.S. consumers and was made in response to, and as part of the Company’s ongoing cooperation with, government requests for information,” Equifax wrote.
In the statement, the company also reconfirmed exactly how many people had been impacted, breaking it down by specific data elements.
Despite such tremendous losses, many companies have yet to change their habits. As of earlier this month, thousands of companies have continued to introduce the same security holes into their computer networks.