Equifax Says Some Passport Photos Were Stolen in 2017 Breach

Equifax has confirmed that thousands of consumers' passport photos were stolen in its September 2017 breach.

In a letter to the US Senate Banking Committee, lawyers representing the credit monitoring bureau acknowledged last week that hackers indeed took 3,200 passport photos from Equifax's database — a claim it had originally denied.

The number of consumers whose photos were stolen is a small fraction of the overall 148 million Americans impacted by the massive cyberattack — about 44% of US adults. Equifax says that the 3,200 photos taken does not affect new consumers, but those whose data was already breached in some form.

The pictures were part of the company's dispute portal, where consumers argue against errors in their credit reports.

Equifax first announced that consumers' sensitive information was taken in the sweeping cyberattack in September 2017, and both the number of people affected and the type of information stolen has been expanding consistently ever since.

The bureau first said the private data taken was consumers' names, Social Security numbers, birth dates, addresses, driver’s license and credit card numbers. That list of sensitive information has since grown to include tax identification numbers, email addresses and phone numbers. Plus, some smaller details, such as credit card expiration dates and driver’s license issuing state, which Equifax disclosed to the Senate Banking Committee earlier this year.

Now passport photos are also on that list.

Equifax also originally said 145.5 million Americans were affected by the breach — a figure that was later bumped up by 2.5 million in February to reach a whopping 148 million people with some type of data stolen.

In the wake of the hack, the company has offered free credit monitoring services for one year. Among other tips, experts recommend consumers freeze their credit.

H/T: NBC Washington