Equifax this week filed documents with Congress and federal regulators detailing the breadth of the massive data breach the company suffered last year.
While the outlines of the hacking were known, the filing was an attempt to pin down the number of files accessed in various categories.
According to the Equifax statements filed by the Atlanta-based company with the Securities and Exchange Commission and several Congressional committees, among the data accessed by the hackers:
• 146.6 million names
• 146.6 million dates of birth
• 145.5 million Social Security numbers
• 99 million addresses
• 20.3 million phone numbers
• 17.6 million driver’s license numbers
• 1.8 million email addresses
• 97,500 tax IDs.
The papers were filed, the company said, in response to government requests for information.
Equifax first announced the breach on Sept. 7. Over the next several months, the company periodically reported new categories of data that had been accessed. It also bore the brunt of angry Congressional questioning.
Company CEO Rick Smith retired under pressure. A new CEO was named in March. The company hired a new data security guru away from Home Depot. One of its rising star tech executives was charged with insider trading. Sen. Elizabeth Warren scalded the company in a report.
In the papers filed this week, the company said the consumer records had been stolen from “a number of database tables with different schemas.”
The company says it worked with Mandiant, a cybersecurity company, to determine which consumers had their personally identifiable information stolen. But in this week’s filings, Equifax said “the additional detail provided does not identify additional consumers affected and does not require additional consumer notifications.”