Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk)

Posted by BeauHD on from the take-a-deep-breath dept.

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

4 of 69 comments (clear)

  1. Detterant by Anonymous Coward · · Score: 5, Insightful

    It's a good thing all those executives went to prison so corporations will start taking security seriously.

    Oh wait.

    1. Re:Detterant by ShanghaiBill · · Score: 4, Insightful

      It's a good thing all those executives went to prison so corporations will start taking security seriously.

      Sending people to prison for incompetence is silly. America already has far more people in prison than China, Russia or Iran, and four times the incarceration rate of the developed country average.

      Non-violent offenders do not belong in prison. For instance, Equifax executives could wear tracking anklets and spend 60 hours a week changing bedpans in nursing homes for the next 10 years. The cost to the taxpayers would be negligible, they would be doing useful work, and they may be back below their level of incompetence.

  2. charge them for the privilege by supernova87a · · Score: 3, Interesting

    I keep saying, the following penalty scheme imposed on companies will clean up data breaches right quick:

    $1 per name, email, physical address
    $2 per phone number
    $3 per credit card number
    $4 per SSN

    And multiply for combinations thereof. You'll see how fast companies move to secure their data.

  3. Re:Just post every SSN by ShanghaiBill · · Score: 4, Funny

    Why do financial institutions seem to insist that Social Security numvers are a secret code? The government should just publish ALL of the SSNs

    That is the way it works in many countries: Your citizenship number is public information.

    Many have a separate changeable PIN for authentication.

    The American system of making the same number both semi-public and secret is unique.

    If 10% of the population went on record and disclosed their SSNs publicly it would shut down the SSN as a 'secret code.'

    Equifax has already done this as a public service. Good for them.