The company said in a statement that 15.2 million records -- some dating back to 2011 -- were stolen in the data breach.
The company had initially said the hack affected 400,000 UK customers, which revealed names, dates of birth, and email addresses, and phone numbers, but that postal addresses and passwords weren't affected.
Now, the company is saying that usernames, passwords, partial credit card details, and driving license numbers were also stolen.
The company wouldn't say if the passwords or any other data was encrypted or stored in plain text.
The UK government's National Cyber Security Center warned in its own statement that fraudsters may use information obtained from the breach to include real information to make phishing messages "look much more credible."
An Equifax spokesperson did not respond to a request for comment.