On Friday, Equifax submitted a letter to several U.S. congressional committees providing additional detail on the data elements impacted in the 2017 cybersecurity incident. The additional detail provided in the statement, which Equifax said it was disclosing publicly in the interest of transparency, does not identify additional stolen data or newly impacted consumers, and does not require additional consumer notifications, the company said in a statement.
Equifax announced in September 2017 that the primary data stolen in the cybersecurity incident included names, Social Security numbers, birth dates, addresses and driver’s license numbers. In December, Equifax released the extensive list of data elements it had analyzed to Congress, and the company has now provided the approximate number of impacted U.S. consumers for each of those data elements.
In addition, the company has provided details on the images accessed by the attackers from Equifax’s dispute portal, the theft of which had been disclosed in the company’s September 2017 press release.