In September 2017, Equifax announced that its systems had been breached on 29 July 2017 and the details of 143 million consumers had been compromised. That number was later increased to 145.5 million. Apart from this, 15.2 million British records were also reported to have been exposed.
At that time, the company said names, Social Security numbers, birth dates, addresses and, in some instances, driver's licence numbers were leaked. Credit card numbers for approximately 209,000 US consumers, and certain dispute documents with personal identifying information for approximately 182,000 US consumers, were said to have been accessed.
But this does not appear to have been the complete picture.
And a report by Democratic Senator Elizabeth Warren last week said that passport numbers had also leaked, a claim Equifax denied.
The WSJ said that it was not clear as to how many of the 145.5 million people had additional data stolen; the extra data included tax ID numbers which are allocated to people who do not have Social Security numbers.
Email addresses were also stolen, but an Equifax spokeswoman was quoted as saying "an insignificant number" was affected.
The spokeswoman said “additional driver’s licence information accessed other than the driver’s licence number was extremely minimal” and “anyone with a potentially affected driver’s license number” could check their status on an Equifax website.
A probe was launched into the breach by the Consumer Financial Protection Bureau, a Washington consumer watchdog, but that was recently shut down.
The interim head of the CFPB, Mick Mulvaney, did not offer any explanation for the closing down of the probe.