The hack that compromised Equifax was bad enough, but its response only seemed to make things worse. Even the website that verified the potential threat to your data left many people wondering. Equifax wants to remove any doubt, though. In the wake of a just-completed forensic investigation by security partner (and sometimes foe) Mandiant, Equifax has announced that it's mailing written notices to everyone who was confirmed as affected since it disclosed the hack on September 7th. That's no mean feat when 2.5 million more Americans have been added to the tally (which now stands at 145.5 million affected) as a result of the investigation. The website should reflect the additional hack victims no later than October 8th, so you might not have to wait for a letter to find out whether or not you're part of this newer batch.
There is some consolation if you live outside of the US. Investigators have determined that there weren't any compromised databases beyond American shores, and there are 'only' 8,000 potentially affected Canadians instead of the initial 100,000 figure.
The mailings may help address some of the mass confusion surrounding the Equifax breach, but they definitely won't offer much comfort to victims furious both at their compromised personal info and Equifax's poor handling of the situation. As former CEO Richard Smith will reiterate in Congressional testimony on October 3rd, Equifax knew about the vulnerability that led to the hack in March, and didn't patch it for months. The firm could have mitigated or avoided a lot of the damage, and its executives' behavior in the wake of the hack (including questionable stock trades and 'golden parachute' departures) haven't helped matters. All told, it's going to be a long while before there's any kind of proper resolution -- the letters help, but only a little.