Ever since Equifax lost control of millions of Social Security numbers, driver's license numbers, names, birth dates and other sensitive personal information in a massive data breach last year, the credit-reporting firm has gradually upped its estimates of the number of people affected. First it was 143 million, then it was 145 million and finally 147 million.
This week, in a filing to the Securities and Exchange Commission, the company offered its most detailed analysis to date — disclosing not only how many consumers it believes were hit but also the breakdown of which types of information were most likely to have been stolen. Although the report does not identify new or additional victims, it marks the first time Equifax has provided such granular detail about the scope of the compromised data.
Names, dates of birth and Social Security numbers were by far the most common type of data stolen by the attackers, Equifax said. Then came mailing addresses, phone numbers and just under 2 million email addresses. Roughly 209,000 credit card numbers and card-expiration dates were taken.
Beyond the information stored in those databases, Equifax said the hackers accessed thousands of images of official documents — such as government-issued IDs — that people had uploaded to the company to prove their identity. Photos of as many as 38,000 driver's licenses and 12,000 Social Security or taxpayer ID cards were accessed, according to the SEC filing. More than 3,000 passports were also accessed, the company said.
The numbers do not cover the thousands of Canadians and Britons who were affected by the breach.