On Friday, May 4, Equifax Inc. (NYSE: EFX) submitted a letter to several U.S. Congressional committees providing additional detail on the data elements impacted in the 2017 cybersecurity incident. The additional detail provided in the statement, which Equifax is disclosing publicly as part of its commitment to transparency, does not identify additional stolen data or newly impacted consumers, and does not require additional consumer notifications.
Equifax announced in September of 2017 that the primary data stolen in the cybersecurity incident included names, Social Security numbers, birth dates, addresses and driver’s license numbers. In December, Equifax released the extensive list of data elements it had analyzed to Congress, and as part of its commitment to transparency with consumers, regulators, elected officials and customers, the Company has now provided the approximate number of impacted U.S. consumers for each of those data elements. In addition, the Company has provided details on the images accessed by the attackers from Equifax’s dispute portal, the theft of which had been disclosed in the Company’s September 2017 press release.
Equifax is confident that the additional detail about the 2017 cybersecurity incident does not identify new stolen data or newly impacted consumers and does not require additional consumer notification.
Source: Equifax Press Release