Here's how the Equifax breach breaks down, by the numbers

Equifax said in a regulatory filing how much of its data sets were stolen in a 2017 breach.
Written by Zack Whittaker, Contributor

(Image: file photo)

Equifax has broken down exactly how much data was stolen -- by type -- in a massive data breach, which affected more than half of all Americans.

In a filing with the Securities and Exchange Commission this week, the credit rating giant revealed the data in response to several congressional committees investigating the breach, in which hackers stole over 146 million records.

Hackers exploited a vulnerability in a widely used open-source web server software that the credit rating giant later admitted it had failed to fix when patches were released months earlier.

Equifax said it had worked with cybersecurity firm Mandiant (which ZDNet confirmed shortly after the breach was revealed) to discover exactly what kind of data was taken.

According to the letter, here's that breakdown:

  • Names: 146.6 million
  • Dates of birth: 146.6 million
  • Social security numbers: 145.5 million
  • Addresses: 99 million
  • Genders: 27.3 million
  • Phone numbers: 20.3 million
  • Email addresses: 17.6 million
  • Driver's license State: 1.8 million
  • Driver's license numbers: 27,000
  • Tax identification numbers: 97,500
  • Credit card data: 209,000

The company also revealed that hackers breached an image storage server for its online dispute portal, which contained scans of information and documents uploaded from consumers disputing their credit reports. The company said victims were already informed and didn't warrant an additional notification to those affected.

Here's the breakdown of that:

  • Driver's licenses: 38,000
  • Tax identification documents: 12,000
  • Passports: 3,200
  • Other identification cards: 3,000

It's the latest twist in the long-running saga following the breach, which became the largest single data breach reported last year.

Equifax collects and holds data on more than 800 million consumers worldwide, and has spent 242.7 million on its incident recovery, as of its first quarter earnings.

Editorial standards