INSUBCONTINENT EXCLUSIVE:
Enlarge (credit: Smith Collection Gado/Getty Images)
On May 7, executives of Equifax submitted a "statement for the record" to the
Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported on September 7, 2017
The data in the statement, which has also been shared with congressional committees investigating the breach, reveals to a fuller extent how
much personal data was exposed in the breach
Millions of driver's license numbers, phone numbers, and email addresses were also exposed in connection with names, dates of birth, and
Social Security numbers—offering a gold mine of data for identity thieves and fraudsters.
Equifax had already reported that the names,
Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver's license numbers "in some
instances," in addition to the credit card numbers of 209,000 individuals
The company's management had also reported "certain dispute documents" submitted by about 182,000 consumers contesting credit reports had
been exposed as well, in addition to some information about British and Canadian consumers.
But the exact details of the nature of these
documents and information had not been revealed, in part because Equifax felt it did not have a legal obligation to disclose those details
"With respect to the data elements of gender, phone number, and email addresses, US state data breach notification laws generally do not
require notification to consumers when these data elements are compromised, particularly when an email address is not stolen in combination
with further credentials that would permit access," Equifax's management asserted in the SEC letter.
Read 6 remaining paragraphs | Comments
