Sean Gallagher, Ars Technica:
On May 7, executives of Equifax submitted a “statement for the record” to the Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported on September 7, 2017. The data in the statement, which has also been shared with congressional committees investigating the breach, reveals to a fuller extent how much personal data was exposed in the breach. Millions of driver’s license numbers, phone numbers, and email addresses were also exposed in connection with names, dates of birth, and Social Security numbers — offering a gold mine of data for identity thieves and fraudsters.
Equifax had already reported that the names, Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver’s license numbers “in some instances,” in addition to the credit card numbers of 209,000 individuals. The company’s management had also reported “certain dispute documents” submitted by about 182,000 consumers contesting credit reports had been exposed as well, in addition to some information about British and Canadian consumers.
A reminder that, instead of pushing for record fines and legal repercussions in the wake of the worst data breach in American history, the head of the CFPB — you know, the regulatory agency that’s responsible for financial industry oversight — doesn’t feel the need to proceed with his agency’s investigation into Equifax.