Equifax Data Breach Affected 2.4M More Victims, Company Says

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

An ongoing review of last year’s Equifax data breach has revealed millions more consumers than previously thought had their data exposed.

In an announcement last Thursday, Equifax said an additional 2.4 million persons whose names and partial driver’s license information were stolen in the breach but who had not been included in earlier analyses.

The new discovery brings the tally to 147.9 million consumers whose personally identifiable information was exposed in last year’s Equifax data breach.

The new victims were discovered through an analysis of company records that were not exposed in the Equifax data breach, with the help of a third-party data provider. The investigation has yet to reveal the identity of the hackers. In most cases, Equifax says, the exposed driver’s license information did not include the victim’s home address, state or date of license issuance, or license expiration date.

This subset of victims escaped previous analyses of the Equifax data breach, which focused on victims whose Social Security numbers were stolen. Investigators determined that the hackers were most interested in acquiring Social Security numbers. Social Security numbers were not included in the stolen driver’s license information for the new group of victims.

Interim CEO Paulino do Rego Barros Jr. said in a statement that the newly-identified victims were connected to the known stolen data in the course of the investigation. No new stolen data has been discovered, Barros says.

Equifax says it will notify these newly-discovered data breach victims via mail. The company will offer free credit monitoring and identity theft protection. Information about these services will be included in the notification.

The Equifax data breach was announced in September 2017. Sometime between May and July of that year, hackers were reportedly able to exploit a security flaw in software used to create web applications. The hackers stole records pertaining to millions of consumers – records containing names, birthdates, Social Security numbers, email addresses, credit card numbers, and driver’s license numbers.

Consumers responded quickly with a volley of Equifax class action lawsuits. Plaintiffs say Equifax discovered the breach in July 2017, months before the September 2017 announcement. They allege the company unreasonably delayed announcement of the breach while millions of consumers’ credit information went dangerously exposed.

The plaintiffs also pointed out that Equifax executives dumped around $1.8 million worth of Equifax stock in August 2017, just before the breach was announced.

In addition to private litigation, Equifax is also under investigation by several states’ attorneys general. New York Attorney General Eric Schneiderman has denounced an arbitration clause in Equifax’s terms of service that purports to prevent affected persons from filing an Equifax class action lawsuit. Schneiderman says the clause is “unacceptable and unenforceable.”

Equifax has since clarified that the arbitration clause applies to its Trusted ID Premier service and is not intended to apply to matters related to the Equifax data breach.

Last month, documents submitted to the Senate Banking Committee revealed the Equifax data breach exposed more information than initially announced. Investigation of the breach revealed the hackers gained access to other Equifax company records, in addition to information on individual consumers. Hackers purportedly made off with tax identification numbers, drivers license issuing states, and credit card expiration dates.

UPDATE: On July 30, 2018, Equifax Inc. asked a Georgia federal judge to dismiss claims brought by 10 small businesses in a massive data breach class action lawsuit because businesses cannot bring claims based on the alleged injuries of the business owners.

UPDATE 2: July 2019, a website has been established to inform Class Members of their rights under a $700 million Equifax data breach class action settlement.

UPDATE 3: July 2019, the Equifax data breach class action settlement is now open. Click here to file a claim.

UPDATE 4: On Nov. 19, 2019, the class action watchdog Center for Class Action Fairness filed an objection to the Equifax data breach class action settlement, claiming that the attorney fee request should be reduced and that the settling parties suppressed the claims process.

UPDATE 5: On Dec. 20, 2019, a federal judge gave a $425 million Equifax class action settlement final approval despite objections from consumer advocacy groups.