Equifax said Tuesday that approximately 2.5 million additional U.S. consumers were potentially impacted by the security breach at the firm, for a total of 145.5 million.
“I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” newly appointed interim CEO, Paulino do Rego Barros, Jr. said.
Mandiant, the cybersecurity firm retained by Equifax to investigate the breach, advised the company Sunday that it has completed its forensic analysis of the consumers potentially impacted by the incident. The additional population of consumers was confirmed during Mandiant’s completion of the remaining investigative tasks and quality assurance procedures built into the investigative process.
With respect to potentially impacted Canadian citizens, the company previously had stated that there may have been up to 100,000 Canadian citizens impacted, but that number was preliminary and did not materialize. The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted.
In addition, it also was determined that some of the consumers with affected credit cards announced in the company’s initial statement are Canadian.
“I want to apologize again to all impacted consumers. As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements,” Barros added.