More Than One-Third of Equifax’s UK Records May Have Been Exposed

Equifax has done it again.

The credit rating company revealed today (Oct. 10) that a file containing 15.2 million UK records—more than one-third of the 44 million country’s residents that it collects information—was accessed during the massive breach disclosed in September, reports the Financial Times.

The company has determined that of the 15.2 million, 693,665 records are actually at risk of being compromised. Nearly 15,000 contained sensitive information, such as passwords and partial credit card information, and nearly 30,000 had driver’s license numbers compromised, Equifax said. The majority of affected individuals had their phone numbers accessed.

The total figure of impacted records in the UK is a significant increase from Equifax’s initial estimate of 400,000. In its statement on September 7, it mentioned that only “limited personal information for certain UK and Canadian residents” had been accessed. It’s another lesson in how you can never trust the first numbers released about a data breach.

Separately, the Wall Street Journal, citing people familiar with the matter, reported that the breech compromised the driver’s license data for roughly 10.9 million Americans. Depending on the origin state of a license, such data could include the name, date of birth, home address, and personal details such as height and eye color of the license holder—enough for hackers to attempt committing fraud.

Updated (Oct. 10, 2017 4:30pm): This article now includes additional reporting from the Wall Street Journal.