Credit monitoring firm Equifax has admitted that the huge data breach it suffered earlier this year impacts more customers than was previously thought.
A forensic investigation carried about by cybersecurity firm Mandiant could not find any evidence of new attacks or attacker activity but did discover that 2.5 million additional people were implicated.
This brings the total number up to 145.5 million – or half the population of the USA.
The UK investigation has also been completed, but no details were released as the information is still being analysed.
Last month, Equifax said 400,000 UK consumers were affected, even though the firm’s British systems were not hacked. Instead, a “process error” meant some British data was stored in the US.
Equifax said it was unlikely that the breach would lead to identify theft, but it would be offering support and identity protection services to any UK resident affected. The company said it is working with the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO).
The forensic investigation has confirmed that none of Equifax’s databases outside the US were breached, with the company previously attributing the hack to a web server vulnerability.
The catastrophic incident took place between mid-May and July of this year and has seen former CEO Richard Smith quit his job, following the departures of the firm’s CIO and CSO, and the company lose more than a quarter of its value.
Equifax was criticised for its confusing response to the hack and for waiting a month before informing clients. A class action lawsuit has been filed accusing it of negligence, while the US Senate committee on banking, housing and urban affairs is set to hold a hearing on the matter on 4 October and Smith is still scheduled to testify before it.
Several top executives allegedly sold shares worth $1.7 million (£1.3m) a few days before the hack was announced, something also reportedly being investigated by federal authorities.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” said newly appointed interim CEO, Paulino do Rego Barros, Jr.
“Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis.
“I want to apologise again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements.”
Do you know all about security in 2017? Try our quiz!
Tesla lays off software, service, engineering staff after disbanding Supercharger team, as major cull continues
Dominant Bitcoin ETF Grayscale Bitcoin Trust shows first net inflow since January as investors flock…
US campaign funding groups backed by cryptocurrency sector raise more than $102m as firms seek…
Explore the cutting-edge realm of cybersecurity with 'A New Age of Cybersecurity' podcast. Learn how…
Robinhood Markets says it received SEC enforcement notice over cryptocurrency trading platform amidst ongoing crackdown
Chip designer Synopsys to sell software integrity unit to private investors to create new independent…