The Equifax hack is getting more mysterious.The credit reporting bureau admitted that a far more extensive assortment of data was “accessed” by hackers last year than previously acknowledged; but insisted not all of that info on 145.5 million Americans was actually stolen, according to a Jan. 2 letter it sent to Sen. Elizabeth Warren.
The company’s list of “accessed” data, obtained by The Post, includes:
passport numbers, Social Security numbers, first, last, and middle names and suffixes, gender, home addresses and phone numbers, driver’s license numbers, including the date the license was issued and the state issuing them, date of birth, credit card numbers, their expiration date and “CV2” security numberstax ID numbers, email addresses
Canadian customers also had their Social Insurance Numbers taken, according to the letter.
Perhaps the most sensitive new piece of data accessed by hackers in the 2017 cyberattack on Equifax is the passport numbers — but the company is insisting no passport numbers were stolen.
“The easiest way to understand this is that there was a field labeled passports with no actual data in it,” Meredith Griffanti, an Equifax spokeswoman, told The Post.
The confusion seems to be in the wording of the actual letter, which doesn’t make a distinction.
“These represent the data fields across attacker-accessed tables that were identified as potentially containing [personally identifiable information],” Equifax wrote in the letter to Warren, a copy of which was obtained by The Post.
The letter was in response to a list of questions the lawmaker had sent to Equifax.
The company, in the letter, cautioned that the kinds of data it listed were “not exhaustive,” but represent common elements in the “attacker queries.”
Previously, Equifax — which first learned of its hack in August but didn’t reveal it until September — had only informed the public that the stolen data “includes names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers,” as well as some credit card information for about 200,000 people, according to the company’s own website.
The new list of data accessed comes after Warren issued a report Wednesday on the Equifax hack. The report was the result of a four-month probe by the lawmaker.
In the report, Warren said hackers had “accessed” passport numbers.