MANILA, Philippines – Consumer credit reporting agency Equifax, in a statement sent to the US Securities and Exchange Commission (SEC), revealed just how much data was exposed in its September 2017 breach.
According to the statement issued on Monday, May 7, there were 146.6 million names and birthdates affected.
Here’s a breakdown of the other data exposed:
- 145.5 million social security numbers
- 99 million addresses
- 27.3 million people’s gender information
- 20.3 million phone numbers
- 17.6 million driver’s license numbers
- 1.8 million email addresses
- 209,000 credit card numbers
- 97,500 tax identification numbers
- 27,000 driver’s license data on US states
Equifax also explained that a large number of “dispute documents” were taken. Dispute documents refer to personal identification documents uploaded as images to Equifax, and these include the following:
- 38,000 driver’s licenses
- 12,000 social security or taxpayer ID cards
- 3,200 passports or passport cards
- 3,000 instances of other personally identifiable information, which may include military IDs, state-issued IDs, and resident alien cards
The information was not in a centralized database, but rather taken from a number of disparate databases.
Equifax explained, “The attackers stole consumer records from a number of database tables with different schemas, and the data elements stolen were not consistently labeled.”
Though Equifax did not share any connections in the data types exposed, it’s possible that some people had multiple data points taken.
Names, addresses, social security numbers, birthdates, and driver’s license numbers are capable of posing a significant identity theft risk, however, and data for phone numbers and email addresses can also put other users at risk of phone scams or online email phishing tactics. – Rappler.com