Equifax accused of not disclosing the full extent of last year's data breach

Equifax accused of not telling the whole truth about the data that was stolen when it was hacked last year

The Equifax hack may have exposed more data than first believed, according to the Wall Street Journal - or, at least, more than Equifax admitted at the time.

Last year, hackers were able to compromise the credit reference agency's systems and get access the personal information of up to 145 million Americans, as well as around 14 million British people.

They were able to steal social security numbers, driving licence numbers, addresses and dates of birth - everything required to perpetrate identity theft. But now it is feared that the hackers plundered even more data than the company publicly admitted.

New congressional documents show that the crooks also made off with tax identification numbers, issuance dates, email addresses and driver licence states.

Using this data, it is now easier than before for criminals to use victim's identities to apply for credit cards and to commit other types of identity fraud, using information that the victims never even consented to share with the company.

https://twitter.com/SenWarren/status/962371217113210880?ref\\_src=twsrc%5Etfw

On Friday, Democratic senator Elizabeth Warren wrote to Equifax slamming the company for providing "incomplete, confusing and contradictory statements" in the aftermath of the hack.

In a letter published on Friday, Warren briefed acting CEO Paulino do Rego on her investigation. She accused the company of failing to disclose the complete picture of the attack.

The US Senator has also lashed out at the company in a series of tweets. In one, she said: "In October, when I asked the CEO about the precise extent of the breach, he couldn't give me a straight answer. So for five months, I investigated it myself."

Another read: "My investigation revealed the depth of the breach and cover-up at Equifax. And since I published the report, Equifax has confirmed it is even worse than they told us."

Responding to the reports, a spokesperson for the firm branded the claims as "extremely misleading". But they admitted that more data had been leaked than the company had initially let on.

It is not the first time that Equifax has been accused of failing to tell the whole truth about the data breach. It initially claimed that only around 400,000 British people's details were compromised and that very little personal information had been lost. It later had to up that number to more than 15 million.

It also had to admit that it had been hacked five months earlier than it initially revealed.