Equifax has broken down exactly how much data was stolen -- by type -- in a massive data breach, which affected more than half of all Americans.
In a filing with the Securities and Exchange Commission this week, the credit rating giant revealed the data in response to several congressional committees investigating the breach, in which hackers stole over 146 million records.
Hackers exploited a vulnerability in a widely used open-source web server software that the credit rating giant later admitted it had failed to fix when patches were released months earlier.
Equifax said it had worked with cybersecurity firm Mandiant (which ZDNetconfirmed shortly after the breach was revealed) to discover exactly what kind of data was taken.
According to the letter, here's that breakdown:
Names: 146.6 million
Dates of birth: 146.6 million
Social security numbers: 145.5 million
Addresses: 99 million
Genders: 27.3 million
Phone numbers: 20.3 million
Email addresses: 17.6 million
Driver's license State: 1.8 million
Driver's license numbers: 27,000
Tax identification numbers: 97,500
Credit card data: 209,000
The company also revealed that hackers breached an image storage server for its online dispute portal, which contained scans of information and documents uploaded from consumers disputing their credit reports. The company said victims were already informed and didn't warrant an additional notification to those affected.
Here's the breakdown of that:
Driver's licenses: 38,000
Tax identification documents: 12,000
Other identification cards: 3,000
It's the latest twist in the long-running saga following the breach, which became the largest single data breach reported last year.
Equifax collects and holds data on more than 800 million consumers worldwide, and has spent 242.7 million on its incident recovery, as of its first quarter earnings.