That brings the total number of people whose personal information such as driver’s license numbers, addresses, and social security numbers were stolen to 147 million — close to half the U.S. population, Reuters reported.
The credit rating firm said it will notify affected consumers directly, offering them free identity theft protection and credit monitoring services. Only the names and driver’s license numbers of newly-identified victims were compromised.
The news comes more than seven months after the breach was discovered on July 29 and more than nine months after hackers broke into the Equifax system through a web-application vulnerability. It was later discovered that the breach was entirely preventable. A patch had been issued for the vulnerability two months prior to the attack, but Equifax had failed to update its system.
Analysts are predicting Equifax will be the mostly costly breach in history, with expenses potentially topping $600 million after the firm pays for government investigations and settles civil lawsuits, Reuters also reported.
Breach-related costs totaled $164 million in the second half of 2017, and Equifax is expecting to spend another $275 million this year. The company’s cyber security insurance will cover about $125 million of the total cost.
Along with the financial burden and a major blow to its reputation, the breach caused a shakeup in leadership. CEO of 12 years Rick Smith stepped down after the breach. Not long after it was announced that Chief Information Officer David Webb and Chief Security Officer Susan Mauldin had retired.
Equifax continues to work with the FBI in investigating the breach. Click below to learn more about Teramind.