Equifax audit uncovers millions more victims of 2017 security breach

Equifax, one of the three major credit reporting agencies in the US, says the fallout from year's massive security breach affects at least 2.4 million more people than originally thought. That brings the tally to 147.9 million Americans.

How does 2.4 million names go unaccounted for during an initial audit? Equifax says the newly identified names were not included in the original disclosure because their social security numbers were not compromised. Instead, the 2.4 million new names had their identities and partial driver's license information stolen.

"This is not about newly discovered stolen data," said Paulino do Rego Barros, Jr., Interim Chief Executive Officer. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."

Part of what's concerning is that the number keeps rising. As CNET points out, when the breach was initially reported last September, the number of affected individuals stood at 143.3 million. A month later that number rose to 145.5 million people, and now an additional 2.4 million names are being thrown into the pile.

Following the breach, Equifax put up a special page that allows people to check if they have been compromised. Equifax bumbled this as well at the time, as the tool initially returned positive results even for fake names and numbers. Presumably it works as intended now (we didn't receive any false positives when entering in fake information). Even if the tool previously said you were not affected, in light of the new disclosure, you might want to check again. You can do that by following this link, mashing the "Am I Impacted" button, and entering in your last name and last six digits of your social security number.

Unfortunately the tool does not say exactly what information was compromised, be it your social security number of partial driver's license data. And if you are affected, well, that sucks.

"We continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack," Barros added. "We are committed to regaining the trust of consumers, improving transparency, and enhancing security across our network."

Equifax is currently in the process of notifying the 2.4 million additional names it identified. And for what it's worth, Equifax reiterates that consumers can download its Lock & Alert to quickly lock and unlock their Equifax credit report from a PC or mobile device.