Equifax finds 2.4 million more users affected by 2017 breach

This is the second time the credit reporting firm has raised the number of consumers affected since it first reported the hack.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Ry Crist Senior Editor / Reviews - Labs
Originally hailing from Troy, Ohio, Ry Crist is a writer, a text-based adventure connoisseur, a lover of terrible movies and an enthusiastic yet mediocre cook. A CNET editor since 2013, Ry's beats include smart home tech, lighting, appliances, broadband and home networking.
Expertise Smart home technology and wireless connectivity Credentials
  • 10 years product testing experience with the CNET Home team
Alfred Ng
Ry Crist
2 min read

Add 2.4 million people to the 145.5 million Americans affected by Equifax's breach. 

The 2017 massive data breach that hit nearly half the US population affected even more people than originally reported, the credit reporting firm revealed in a statement Thursday morning

Watch this: Equifax's massive data breach just got worse

Equifax has found an additional 2.4 million Americans whose names and partial driver's license information were stolen, but not included in original disclosures. The company said they weren't initially included because their Social Security numbers weren't stolen.  


The newly found affected users didn't have their Social Security numbers compromised, Equifax says.

Ian Knighton/CNET

The findings come as the company continues to sift through the damage with investigators to fully understand the scope of a catastrophic hack that lasted months and compromised the personal data of nearly half of the people in the US. 

Equifax said all affected users will be notified, and emphasized that these findings aren't the result of any new hacks.

"This is not about newly discovered stolen data," said Paulino do Rego Barros Jr., interim CEO at Equifax. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals."

The latest disclosure shows just how bad the company was hit. In September, initial reports said 143.3 million Americans were affected. By October, it had gone up to 145.5 million. The new total is 147.9 million. 

Sen. Elizabeth Warren, a Democrat from Massachusetts, called out the company on Feb. 9 in a letter to its executives. She said Equifax has issued "incomplete, confusing and contradictory statements," and failed to answer the "precise extent of the breach." 

Following the company's announcement Thursday, Warren wrote on Twitter that Equifax "can't be trusted." 

"Their mistakes allowed the breach to happen, their response has been a failure, and they still can't level with the public," she said. 

As new discoveries continue to trickle in from Equifax, it means more confusion for Americans who don't know if they're affected by the breach. When the company first announced the breach in September, its tool for consumers to check whether they were affected was completely broken. Some people put in fake names and Social Security numbers and Equifax told them they were affected. The tool also told people they were safe one day and then caught in the breach the next. 

See our guide on how to stay protected if you were affected by the breach

Update, 7:54 a.m. PT: To include details on Equifax and its breach. 

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.