The Equifax breach may have exposed more personal information of customers than previously thought.
Additional information, including tax IDs and driver’s license details, may have been accessed in a hack that affected 145.5 million customers, according to confidential documents Equifax provided to the Senate Banking Committee seen by CNN.
The disclosure follows Equifax’s original announcement of the breach in September, which compromised sensitive data like names, date of birth, Social Security numbers and home addresses.
In its original announcement of the hack, the company had revealed that some driver’s license numbers were exposed. The new documents show that the license state and issue date might have also been compromised.
Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the full list of potentiality exposed information.
The new documents now raise questions of how much information hackers may have accessed in Equifax’s cyberattack.
Democratic Senator Elizabeth Warren on Friday sent a letter to CEO Paulino do Rego Barros Jr. on the incomplete information provided to Congress following a story in The Wall Street Journal.
“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” Warren wrote in the letter.
In its response to lawmakers, Equifax said the pieces of information compiled is “not exhaustive,” but represents common personal information that hackers usually search for.
Criminals can use personal information like this to open bank accounts and lines of credit, like a credit card or mortgage, without the victim’s knowledge.
“The more information scammers have about you, the easier it is for them to impersonate you,” said Lauren Saunders, associate director at the National Consumer Law Center. “And the easier it is for them to get by the protocols that banks and others use to make sure they are dealing with the right individual.”
The unauthorized access occurred from May through July 2017. The hackers exploited a website application vulnerability to gain access to the files, according to the company.
Equifax is one of the three national credit bureaus, along with TransUnion and Experian. The agencies gather information on individuals to create credit reports, which lenders use to determine the risk of a potential borrower.
The agencies gather the information to create the reports from a slew of different sources, including banks, credit card companies, retailers and public records.
Federal agencies, state officials and members of Congress are currently probing Equifax over its data security practices, customer service response and the possibility of insider trading from executives.
In response to the breach, Equifax offered free credit freezes through June 30. Freezing your credit helps prevent new accounts being opened in your name. Keep in mind that if you actually need a home loan, new credit card or want to open a bank account, the freeze will need to be lifted.
Consumers wondering if they were affected by the breach can check here.