The personal data of over 145.5 million Americans have been breached, according to new figures released by tech firm Equifax
Previous reports on the personal data breach at Equifax put the figure at 143 million.
Now, the former boss of the company, Richard Smith, is due to testify before Congress as it has been revealed that an additional 2.5 million Americans also had their information stolen.
It is also believed that 400,000 Brits and 8,000 Canadians could also have had their personal data breached.
Critics are saying the company did not act sufficiently to prevent information such as Social Security numbers, birth dates, and addresses from being hacked, and waited too long to inform people what had happened.
The firm has been heavily criticised after the breach.
The company handles the data of over 820 million people and 91 million business and requires people to waive their right to sure.
The company claimed this only applied in the case of credit monitoring services and not damage caused by data breaches.
Repurcussions
Smith has accepted responsibility for the attack, attributing it to ‘human error and technology failures’.
He called it a ‘devastating experience’ and said that blame starts ‘at the top’.
The breach was caused by a bug in the Apache Struts systems used by Equifax, a vulnerability which was not picked up on in time.
Scans on the company’s software in March also failed to catch the bug, and security experts say it would only pick it up if directed to the specific URl.
Smith said: “I understand that Equifax’s investigation into these issues is ongoing.”
“The company knows, however, that it was this unpatched vulnerability that allowed hackers to access personal identifying information.”
After the news broke, Equifax put together a ‘robust package of remedial protections’ and Smith resigned as the CEO of the company.
The company is offering free credit monitoring, access to credit files, and an insurance service which will cover expenses for those affected.
There is still no word of how customers outside the US will be compensated but the company are promising to ‘work tirelessly’ to fix all issues.
