Equifax announced Monday that cybersecurity firm Mandiant completed the forensic portion of its investigation of the hack.
The firm said in the release that 145.5 million consumers might now potentially have been impacted by the data breach, 2.5 million more than previously estimated.
In September, Equifax reported a massive data breach, saying hackers may have accessed the personal details, including names and Social Security numbers, of more than 143 million consumers from mid-May to July. Equifax, which said it learned of the breach in late July, said credit-card numbers for about 209,000 people and certain documents for another 182,000 were also accessed.
The disclosure was swiftly met with criticism because of the delay in alerting the public to the hack, as well as problems with the website that Equifax set up for people to check whether their details were at risk.
The hack is being investigated by the Federal Trade Commission and has prompted promises for inquiries in both the Senate and House of Representatives.
Several Equifax officials have left the company since the hack’s disclosure. Richard Smith stepped down as chairman of the board and CEO last Tuesday. And before that, the company announced that the consumer-data firm’s CIO, David Webb, and its chief security officer, Susan Mauldin, were also retiring. Webb will be replaced by Mark Rohrwasser, who joined the company last year, Equifax said in an emailed statement. Mauldin will be replaced by Russ Ayres. Both Rohrwasser and Ayers have previously worked in Equifax’s IT division.
Equifax officials are also reportedly being investigated by the US Justice Department after selling stock before the company revealed a data breach that exposed the personal information of millions of Americans.
According to Bloomberg, the department is looking at sales by Equifax’s CFO, John Gamble; president of US information solutions, Joseph Loughran; and president of workforce solutions, Rodolfo Ploder. The three senior executives dumped almost $US2 million worth of stock days after the company learned of the breach, Securities and Exchange Commission filings show. An emailed statement from the credit-monitoring agency said the executives “had no knowledge” of the breach beforehand.
All the executives still owned thousands of shares of the company after the sales were completed, filings show.
Equifax shares dipped in after-hours trading after closing up 1.7% for the day. Shares have tumbled by about 24.5% since news of the hack broke through Monday’s close.