Equifax Admits 38,000 Driver Licences Stolen In Breach

Credit checking specialist Equifax has revealed more details about its hugely damaging data breach that was only reported in September last year, even though it had been discovered in late July 2017.

The additional details of the breach was revealed in letters sent to several US Congressional committees.

It comes after Equifax in March this year warned that its forensic examination revealed that more customers had their personal data compromised than first thought.

Compromised data

In March Equifax said that it was able to identify approximately 2.4 million US consumers whose names and partial driver’s license information had been stolen.

This was in addition to the 146 million US consumers, as well as nearly 700,000 UK consumers, that had their data stolen when the firm revealed its data breach to the world in September last year.

But Equifax in its letters to the US Congress has now revealed that about 38,000 driver’s licenses and 3,200 passports details had been uploaded to the portal that was hacked.

Other compromised personal data includes 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment card number and expiration dates.

All of this type of information is incredibly valuable to criminal gangs.

Breach Fallout

The data breach at Equifax took place between mid-May through July 2017, and affected nearly half the population of the United States.

Its fallout has triggered multiple investigations across the world, and the credit monitoring firm was hauled up before the US Congress, where former CEO Richard Smith faced a serious grilling from US Senators.

And to make matters worse, it seems that a security researcher had already warned the firm about its vulnerability to a cyberattack six months before it actually suffered the breach.

The unnamed researcher couldn’t believe it when one particular Equifax website he found he was able to access access the personal data of millions upon millions of Americans (names, dates of birth, social security numbers etc).

The website in question apparently looked like a portal made only for employees, but was completely exposed to anyone on the internet.

It displayed several search fields, and anyone with no authentication could force the site to display the personal data of Equifax’s customers, the researcher reportedly said.

The researcher then notified the company of the flaw, but Equifax failed to act on the warning.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

14 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

15 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

16 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

18 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

21 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

21 hours ago