Equifax breach included data on 10.9 million driver’s licenses

No wait, it gets worse for Equifax: The massive data breach announced last month by the company apparently included driver’s license data for nearly 11 million Americans.

The information, which could make it easier to commit identity theft and other fraud, was part of the breach first announced Sept. 7, according to the Wall Street Journal, which quoted “people familiar with the matter.”

That breach, which Equifax eventually said involved information about 145 million people, has put the Atlanta-based company in the national spotlight and in the crosshairs of consumer anger.

News about the driver’s licenses will add to the taint on the firm’s reputation.

“This adds to the situation even if it doesn’t change the scope of the problem,” said Kevin Crowley, adjunct professor of finance at Emory University’s Goizueta School of Business. “Incrementally, the situation just keeps getting worse.”

Equifax did not respond to several inquiries from The Atlanta Journal-Constitution Wednesday.

The company had previously said that the theft had involved driver’s license information, but did not say how many. Since then, Equifax has privately told its corporate clients – mainly financial institutions – that data for 10.9 million licenses were taken, the Journal reported.

Personal and financial information is valuable – to both legitimate firms and crooks alike. The protections used by companies and consumers are simply inadequate, Crowley said. “It’s an arm’s race between security and hackers and we are losing the war.”

Companies must ramp up their defenses, he said. “It has created a vulnerability for our society. It is unacceptable.”

Equifax has managed the news as badly as it managed its data protection, wrote security expert Brian Krebs on his blog.

Consumers were, for a time, directed to a phony web site. Several top executives left the company in the days after the breach was announced, including two who had sold stock in August, after the company had discovered the breach but before it was made public.

CEO Richard Smith also retired, but then testified before Congress, sitting through a bipartisan condemnation.

This week, Equifax announced that the breach included data on 15.2 million people in Britain, then stumbled with an attempt to help consumers deal with their concerns, according to Krebs.

“It’s fairly terrifying when you realize that a company, which can’t even issue a press release without managing to omit the most important piece of information in it, wields so much power over consumers,” Krebs wrote. “I’ve been spending quite a bit of time looking at Equifax’s various Web properties … and I have to say it gets scarier the more I look.”

A driver’s license is often used to confirm a consumer’s identity, to verify spending, to apply for a new credit card or obtain a boarding pass at the airport.

A consumer can protect him or herself somewhat by asking a state’s motor vehicle bureau to cancel the license and issue a new one – a nuisance and an expense, but at least partial protection.

The larger danger is that the information stolen from Equifax can be used to forge a new identity. A license, for example, typically provides personal information that includes a name, addresses, height, weight and eye color, hair color and birth date.

Equifax has offered a year of free credit monitoring, but a consumer must act to sign up.

More than 60 million Americans checked their credit score or credit report in the first two weeks after the Equifax breach was announced, according to CreditCards.com.

But even more – about 71 million adults – seemed not to have heard anything at all about the breach, the survey said.

For consumers, the latest news is a clear message, said Matt Schulz, senior analyst for CreditCards.com: Do not grow complacent just because nothing bad seems to happen for a few weeks or months after a breach.

Every consumer should be diligent, regularly checking their credit and financial statements, he said. “The bad guys can be really patient. It is important everybody understand that.”

The huge amount of data amassed by companies like Equifax is an essential piece of the modern financial system. It also makes for an enticing and potentially lucrative target, Schulz said.

Consumers must act to protect themselves, because all their data is vulnerable, Schulz said. “The cake is baked. I don’t know how you unbake it.”


AJC Business reporter Michael E. Kanell keeps you updated on the latest news about jobs, housing and consumer issues in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com. 

Reader Comments ...

Next Up in Business

This app could reduce the dangers of concussions in young athletes
This app could reduce the dangers of concussions in young athletes

Startup of the week: Who they are: PRIVIT What they do: Their app seeks to keep young athletes safer by helping coaches and trainers report and properly treat concussions and other injuries and medical conditions. Why it’s cool: There’s been plenty of buzz recently about the dangers of concussions in impact sports — including the...
The future is here: Augmented reality apps to use on iPhone or iPad

With the release of an updated mobile operating system in October, Apple’s new augmented reality platform is ready for take-off. The first generation of AR apps is available in Apple’s App Store, allowing millions of iPhone and iPad users to view three-dimensional computer-generated graphics on top of a user’s real-world view. With...
Why I’m skipping wireless charging on my iPhone 8 Plus

I’ve had the iPhone 8 Plus for about a month now, and while on launch day I thought I’d be most excited about wireless charging, I’ve found I’ve abandoned my wireless charger in favor of fast charging. I’ve come to like wireless charging when I’ve used Samsung’s phones, as it’s quite speedy, but Apple...
Rock out with sporty-designed headphones
Rock out with sporty-designed headphones

Listening to a Tom Petty music marathon is great, but making it better in my world was hearing the legendary music on the Soul X-TRA over-the-ear wireless (Bluetooth) headphones. The headphones smooth sound, comfort, and the sporty design were all much appreciated. The sound is promoted as “Advanced HD drivers and circuitry design for a balanced...
All data moving across Wi-Fi networks could be susceptible to hacking
All data moving across Wi-Fi networks could be susceptible to hacking

Home and corporate Wi-Fi networks — and all the data, photos and messages transmitted across them — could be vulnerable to hackers, according to a computer security researcher in Belgium. The vulnerability is in WPA2, the main protocol that protects Wi-Fi networks. Hackers can use a technique known as key reinstallation attacks, or Krack...
More Stories