Credit-reporting agency Equifax has revealed new details this week about the personal data of customers exposed in last year’s data breach.
In response to questions raised by members of US Congress, Equifax released several figures related to the stolen information, which had not previously been reported. In addition to the 700,000 UK customers affected and the 145.5 million Americans whose social security information was exposed by the breach, the company said, tens of thousands may have impacted after images of their driver’s licenses, passports, and other identifying papers were accessed.
According to a report filed by Equifax on Monday, the hackers responsible accessed data collected through the firm’s online dispute portal, which provides customers a means to dispute inaccuracies in their Equifax credit files. The portal requires users in some instances to upload photocopies of identity papers and Social Security information.
The breached dispute portal database, according to Equifax, contained as many as 38,000 driver’s licenses; 12,000 Social Security or taxpayer ID cards; 3,200 passports or passport cards; and 3,200 other government-issued identification documents, such as military IDs, state-issued IDs, and resident alien cards.
In total, as many as 182,000 US consumers images uploaded to the dispute database. However, the documents do not identify any additional consumers affected, Equifax said, and the company previously made attempts to notify the customers through direct mail.
Equifax additionally released to Congress a table breaking down the different data elements stolen and the approximate number of Americans affected.
Last week, Equifax shareholders voted to re-elect the agency’s board members, including three who served on the company’s technology committee at the time of the breach. Although the board members retained their positions, more than a third of the shareholders voted for them to step down.