Equifax Breach Deeper Than Originally Thought

New documents given to lawmakers show that the hack of Atlanta-based Equifax Inc. (NYSE: EFX) exposed more of consumers’ personal information than the company originally disclosed. The company previously said that the stolen information included names, Social Security numbers, birth dates, and addresses, along with some driver’s license numbers and credit card numbers. In a new document submitted to the Senate Banking Committee, the information accessed also included tax identification numbers, email addresses, and phone numbers.

Last September, it was disclosed that the personal information of 145.5 million consumers had been compromised in a data breach at the credit reporting company. The hackers reportedly exploited a website application vulnerability to gain access to the files. Equifax had waited months to disclose the hack. The unauthorized access occurred from May through July 2017.

Last year, the company disclosed only the information that affected the greatest number of consumers. Equifax spokeswoman Meredith Griffanti said “in no way did we intend to mislead consumers.,” and that the original list of vulnerable personal information was never intended to represent the full list of potentiality exposed information. Griffanti also said the newly disclosed information taken only impacted a small portion of consumers and that the total number of consumers affected is unchanged.

Equifax is one of the three national credit bureaus, along with TransUnion and Experian. The information gathered by the agencies is used by lenders to determine the risk of a potential borrower. Criminals can use personal information like what was stolen from Equifax to open bank accounts and lines of credit without the victim’s knowledge.

The breach has been called one of the largest and most significant data security lapses in history. Hundreds of consumer lawsuits have been filed as a result of the breach. The company also continues to deal with multiple regulatory investigations into the matter.

The company has made a string of missteps in recovering from the security breach. An Equifax website set up to help people provided inconsistent and unhelpful information. Anxious consumers experienced jammed phone lines and uninformed company representatives. In its latest response to the breach, Equifax has offered free credit freezes through June 30. Freezing your credit helps prevent new accounts being opened in your name.