It almost doesn’t seem possible at this point, but Equifax has revealed that 2.4 million additional Americans were affected by its data breach last year.
These 2.4 million American consumers had “much less personal information stolen” than those already known to be affected by the breach, CNBC reports. Only names and “partial” driver’s license numbers were stolen in this particular case, which makes these Americans a bit “luckier” than the many others who had their Social Security numbers (and other possible pieces of identifying information) compromised.
It’s hard to believe more Americans could still be added to the already substantial number of more than 145 million U.S. consumers affected, as early estimates claimed the breach may have affected “virtually all” American adults. A February report revealed that even more personal information was revealed in the breach than was initially believed.
To top it off, Sen. Elizabeth Warren (D-Mass.) told Marketplace Tech that “Equifax may actually make money off this breach” due to sales from its credit protection offerings. Warren’s office has released a new report about the breach titled “Bad Credit.”
In other data breach news, a few smaller incidents have recently come to light. The U.S. Marine Corps Forces Reserve has leaked the personal information of more than 21,000 “Marines, sailors and civilians,” including bank account numbers. According to Marine Corps Times, “an unencrypted email with an attachment containing personal confidential information was sent to the wrong email distribution list Monday morning.”
That attachment “included highly sensitive data such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information.”
And in an incident seemingly contained to one store in Millville, New Jersey, Shoprite said nearly 10,000 pharmacy customers were exposed to a possible data breach, NJ.com reports. An electronic device used to record transactions was thrown out last year, and that device may have contained names, phone numbers, birthdates, zip codes, and prescription information.
Though this only may have affected one pharmacy location, the device contained information on customers from between 2007 and 2013 — so anyone who received even one prescription from the store within a six-year period may have been affected. It’s possible no malicious actors have gained control of this information, but it also shows how one simple error could cause a possible data breach to occur.