Equifax was able to identifyapproximately 2.4 million US consumers whose names and partial driver's license information were stolen, but who were not in the previously identified affected population discussed in the company's prior disclosures about the incident.
This is not the first time Equifax has expanded its estimate of the breach's impact, which initially was put at 143 million consumers.
Total costs of the breach, which compromised sensitive data of some 247 million consumers, could be "well over US$600 million", after including costs to resolve government investigations into the incident and civil lawsuits against the firm, he said.
The firm was also keen to stress that this was not newly stolen data. Instead, the 2.4 million new names had their identities and partial driver's license information stolen.
"Given the sensitive nature of the personal information that was stolen - and the ability of criminals to store and use that information for years to come - we believe that the millions of USA consumers whose personal information was compromised in the Equifax data breach should receive the most robust form of credit protection and identity theft services available", says the letter to Paulino Barros, Equifax's interim CEO. This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs.
"This is not about newly discovered stolen data", said Paulino do Rego Barros Jr., Equifax's interim chief executive.
The company said it will notify the new victims directly.
Equifax noted in its filing that last year's breach probably emboldened more individuals and groups to target its systems, and a lot of work lies ahead monitoring, mitigating and improving security infrastructure.
"For example, some companies may soon be required to issue a public notification of data breaches within three days of a cyber-incident, but in some complicated cases the actual findings may continue to be identified for months", he said. It will be providing free identify theft and credit file monitoring services to help the individuals protect themselves against the potential risks. Additionally, the company offered free identity theft protection and credit file monitoring services to all US consumers regardless of whether or not they were impacted. If you are viewing this report on another website, it was illegally stolen and republished in violation of USA and worldwide copyright and trademark laws. 1,655,168 shares of the company's stock traded hands, compared to its average volume of 1,253,991.