Equifax Data Breach – Passports Hacked!
The fallout from the great Equifax Data Breach 2017 just keeps getting worse. In a letter to the Senate Banking Committee, the credit bureau giant now admits a few thousand passports were stolen in the data hack. By passports, I mean that images the passports were hacked, not the physical books or cards themselves.
Through an longterm investigation of the data breach, Equifax found that 3,200 passports images were hacked. This does add to the number of people affected, but does increase the amount of information breached.
What is the Equifax Data Breach About?
The Equifax data breach initially involved an amazing 143 million US citizens and thier credit bureau information. One day later Equifax upped the numbers and reported that personal information of 400,000 UK residents had also been breached. A few months later that number was bumped up to 700,000 records hacked. Later in the year additional 2.4 million Americans were added to the list affected, bringing the total to its current total of 147.9 million
Besides the colossal numbers of customers affected, there was quite an issue with discovery and reporting. Hackers stole Social Security numbers, birth dates, and physical addresses. Some driver’s license numbers were also hacked.
The data breach occurred starting about mid-May 2017 and carried on until Equifax discovered the cyber security breach on July 29 of the same year. To make matters worse, Equifax officials did not announce the data breach to the public or regulatory officials until September 2017. Three Equifax Managers sold their stock in the company before the knowledge of the hack was made public. The issues did not stop there. Equifax set up a website so those affected by the breach could sign up for free credit monitoring and protection. Good, right? Except for that part where the credit report checker seemed rather random. This made it difficult to discern if someone had been hacked (or not!)
The New York State Attorney General found that Equifax, without mercy, forced users to agree to terms of service barring anyone who signed up for the free credit protection from ever suing over this incident.