• Equifax on Monday evening disclosed up-to-date details on its massive 2017 security breach.
  • It was worse than we thought.
  • Millions more people than originally reported had their details exposed; 56,200 passports, drivers’ licenses, and other documents were also affected by the hack.

Equifax, the credit agency targeted by an infamous hack that exposed the personal data of nearly half of the population of the United States, revealed more details about the incident in a federal filing on Monday evening.

The upshot: The breach was worse than Equifax originally said.

The company originally said 143 million customers were affected; now, after reviewing all the affected data, Equifax says that it was 146.6 million people who had their name and date of birth exposed, and 145.5 million of those who had their Social Security numbers exposed.

Further, 27.3 million people had their gender exposed, 20.3 million had their phone number exposed, and 1.8 million people had their email addresses exposed. In the filing, Equifax expressed its view that under the law, this information wasn’t considered sensitive enough to warrant a new notification to customers.

Also troublesome for consumers is that Equifax announced the scale of the leak, when its online resolution portal - where customers can dispute items in their credit report - was breached in September.

This means that 56,200 passports, drivers' licenses, security cards, taxpayer IDs, and other personal documents were also leaked. Equifax says in the filing that it notified customers affected by this breach individually and wasn't required to do a broad disclosure upon delivery.

Here are the key charts, taken from the SEC filing:

equifax sec chart 1

Foto: source Equifax/SEC

equifax chart 2

Foto: source Equifax/SEC