Last month, reports surfaced that more information than previously thought may have been exposed in Equifax's massive data breach and today, Reuters reports, the has company confirmed it. Along with the 145.5 million individuals already reported to have been affected by the breach, Equifax says another 2.4 million were as well. However, their exposed data was limited to names and partial driver's license information. The company said that in most cases, home addresses as well as driver's license states, issue dates and expiration dates weren't included in the stolen data.
"This is not about newly discovered stolen data," Paulino do Rego Barros, Jr., Equifax's Interim CEO, said in a statement. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers and making connections that enabled us to identify additional individuals." Equifax said that because the attackers appeared to be focused on obtaining social security numbers, that's what their investigation centered on during its initial phases. These additional 2.4 million individuals didn't have their social security numbers stolen and were therefore not spotted earlier in the investigation.
Equifax says that the newly identified victims of the breach will be notified and will have free access to identity theft protection and credit monitoring services.