What to Know
- Nearly 150 million people had information stolen in the Equifax breach last year
- Far fewer passport images were stolen: just 3,200, according to a letter sent to the Senate Banking Committee
- "After first denying the exposure of passport numbers, Equifax is finally coming clean," Sen. Elizabeth Warren said
Equifax acknowledged a relatively small number of passport images and information were stolen as part of last year's security breach, despite previously denying such a thing occurred.
The credit monitoring company said 3,200 passport images were stolen last year, according to a letter sent last week by lawyers representing Equifax to the Senate Banking Committee. That's compared to the 148 million individuals that were impacted by the overall breach.
Equifax originally disclosed the breach back in September. Subsequent disclosures show that more information had been stolen that originally reported. Originally Equifax said 145.5 million Americans were impacted, and earlier this year added an additional 2.4 million Americans to the list who had some non-identifying information stolen, bringing the total to 147.9 million.
U.S. & World
The passport images stolen are not new individuals impacted by the breach, Equifax said, but instead are part of the original figure disclosed to the public last year. The images were found in what's known as the company's dispute portal, which was a website individuals used to dispute errors in their credit report.
The first signs that other pieces of personally-identifiable information were stolen by the attackers came as part of an investigation done by Senator Elizabeth Warren, D-Massachusetts. Personally-identifiable information, also called PII, is information specific to a particular person that could be used in identity theft, like a Social Security number, birthdate, mother's maiden name, etc. During Warren's investigation, Equifax did not acknowledge that passport information specifically had been stolen but did acknowledge that additional PII had been potentially compromised.
"After first denying the exposure of passport numbers, Equifax is finally coming clean," Warren said in a statement.