After a forensic investigation by Mandiant, it was discovered that more Americans were affected by the Equifax breach than initially thought, bringing the total to 145.5 million.
A forensic investigation by cybersecurity firm Mandiant found that an additional 2.5 million US consumers were impacted by the Equifax data breach, the credit firm announced in a Monday press release. This brings the total number of affected Americans to 145.5 million.
"I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released," interim Equifax CEO Paulino do Rego Barros, Jr. said in the release. "Our priorities are transparency and improving support for consumers. I will continue to monitor our progress on a daily basis."
Additionally, while Equifax had originally projected that nearly 100,000 Canadians could have been affected by the breach, that turned out not to be the case. According to the release, the personal information of roughly 8,000 Canadian consumers was impacted.
Equifax noted in the release that it will mail notices to these potentially impacted consumers. The company will also update its online tool, which shows users whether or not they may be impacted, to reflect the new data by October 8, the release said.
The initial breach was first disclosed on September 7, when attackers gained access through a website vulnerability and compromised the personal data of 143 million Americans. However, executives had known about the breach for some time before that, and some had even traded stock before disclosing it to the public.
The company's response was rife with missteps, first establishing a data breach checker that was essentially useless. The firm then tweeted a link to a fake phishing site in an attempt to direct affected customers to their support site.
The only potential silver lining in all of this is that the breach could be the wake-up call needed to get enterprise executives to start taking cybersecurity more seriously. As TechRepublic columnist Matt Asay wrote, the cost for Equifax will be tremendous, and other CEOs might then start paying more mind to their security posture.
On Tuesday, Equifax's CEO at the time of the breach, Richard Smith (who has since stepped down), formally testified before the US House Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection. That testimony is available to be read here.