ATLANTA–The Equifax breach is even bigger than the original estimate that personally identifiable information on 143-million Americans had been breached. The company now says the actual number who were potentially exposed is closer to 145.5 million.
According to Equifax, the additional accounts were found during a forensic review by Mandiant, a cybersecurity firm it has hired to investigate the attack.
Information potentially breached by hackers includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
The news about the additional exposure comes as Richard F. Smith, the CEO of Equifax until stepping down recently, has been testifying on Capitol Hill before several committees. In his testimony, Smith called for a “public-private partnership” to explore replacing the use of Social Security numbers for identification purposes, although he did not detail how that would work.
“The entire Equifax mess is one giant argument for serious changes in data security law at the federal level, starting with consumer notification,” said John McKechnie, senior partner with the Washington advocacy firm Total Spectrum. “And unwittingly or not, Equifax’s CEO makes that case in his testimony before Congress. What kind of business finds out about a cybercrime in July, and waits until September to tell consumers about it?”
In a statement, Paulino do Rego Barros Jr., who has been named interim CEO, said that he was advised that Mandiant had completed the forensic phase of its investigation and found the additional accounts that were potentially at risk.
“I directed that the results be promptly released,” Barros said in a statement. “Our priorities are transparency and improving support for consumers.”
Separately, Whole Foods Market has announced that it may have also suffered a data hack.
According to a statement from Whole Foods Market, the company recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores.
“These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected. When Whole Foods Market learned of this, the company launched an investigation, obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue,” the company stated.
Customers of Amazon.com Inc., which owns Whole Foods, were not affected, Whole Foods said.