Credit monitoring firm Equifax has admitted that the huge data breach it suffered earlier this year impacts more customers than was previously thought.
A forensic investigation carried about by cybersecurity firm Mandiant could not find any evidence of new attacks or attacker activity but did discover that 2.5 million additional people were implicated.
This brings the total number up to 145.5 million – or half the population of the USA.
The UK investigation has also been completed, but no details were released as the information is still being analysed.
Last month, Equifax said 400,000 UK consumers were affected, even though the firm’s British systems were not hacked. Instead, a “process error” meant some British data was stored in the US.
Equifax said it was unlikely that the breach would lead to identify theft, but it would be offering support and identity protection services to any UK resident affected. The company said it is working with the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO).
The forensic investigation has confirmed that none of Equifax’s databases outside the US were breached, with the company previously attributing the hack to a web server vulnerability.
The catastrophic incident took place between mid-May and July of this year and has seen former CEO Richard Smith quit his job, following the departures of the firm’s CIO and CSO, and the company lose more than a quarter of its value.
Equifax was criticised for its confusing response to the hack and for waiting a month before informing clients. A class action lawsuit has been filed accusing it of negligence, while the US Senate committee on banking, housing and urban affairs is set to hold a hearing on the matter on 4 October and Smith is still scheduled to testify before it.
Several top executives allegedly sold shares worth $1.7 million (£1.3m) a few days before the hack was announced, something also reportedly being investigated by federal authorities.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” said newly appointed interim CEO, Paulino do Rego Barros, Jr.
“Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.
“I want to apologise again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements.”
Do you know all about security in 2017? Try our quiz!
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…
Shares in Donald Trump’s social media company rose about 16 percent after first day of…
Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…