Equifax Says It Sent Wrong Letters to Some Consumers Affected by Hack

April 02, 2018

•

2 min read

Equifax Says It Sent Wrong Letters to Some Consumers Affected by Hack

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Equifax has confirmed that after its vast data hack in 2017, in which almost 150 million people had their personal information breached, it has been sending incorrect notification letters to a "small percentage" of affected consumers, the credit bureau told CNBC on Monday.

A glitch in the company's system led to a recent batch of notification letters that contained incorrect personal details for the consumers to which they were addressed. For instance, one consumer told CNBC he received a letter from Equifax that had the right address but the incorrect name.

The batch of botched notification letters was meant to inform those consumers whose partial driver's license numbers had been stolen by the hackers.

"As a result of ongoing analysis of data stolen in last year's cybersecurity incident, we announced on March 1 that we had confirmed the identities of U.S. consumers whose partial driver's license information had been taken and that we would notify these newly identified U.S. consumers directly," Equifax said in a statement to CNBC.

"We recently initiated this notification process by mail and have learned that a very small percentage of the notifications were sent to the wrong addresses due to the complex nature of determining the best address match to a consumer and, in some cases, mailing addresses on record may be out-of-date or incorrect," the statement continued.

The September 2017 data breach exposed consumers' sensitive information such as their names, Social Security numbers, birth dates, addresses, driver's license and credit card numbers. Earlier this year, Equifax also disclosed to the Senate Banking Committee that the hackers exposed additional consumer data, including tax identification numbers, email addresses and phone numbers. Plus, some smaller details, such as credit card expiration dates and driver’s license issuing state.

Shortly after the hack last year, Equifax also corrected the number of people affected, saying that in fact, 2.5 million more Americans than originally reported had their personal data stolen.

The company has offered free credit monitoring services for one year. Among other tips, experts recommend consumers freeze their credit.

The exact number of incorrect letters sent to consumers remains unclear, as Equifax declined to release the number, according to CNBC.