The massive Equifax data breach potentially affected 2.5 million more people than the company initially stated, according to findings released on Monday.
That brings the total number of people caught up in the massive hack to 145.5 million.
Equifax will alert the additional potentially affected consumers by mail. The website used to determine whether someone was impacted in the breach will be updated to include the new potential victims by October 8, the credit monitoring company said in a statement.
Equifax hired cybersecurity firm Mandiant to investigate the major breach in August — a month before it publicly disclosed that the personal information of millions of customers might have been compromised. On Monday, Equifax announced Mandiant completed its forensic investigation and revised the number of people impacted by the hack.
The new findings included only U.S. consumers, but Equifax also said personal information of 8,000 Canadian consumers was impacted, down from an initial estimate of 100,000.
Federal and state officials are probing the breach and potential executive insider trading.
Former Equifax CEO Richard Smith, who is testifying on Capitol Hill this week, says he is “very sorry” for the security breach that could put millions of people at risk for identity theft and credit fraud.
Smith is slated to appear before the House Energy and Commerce Committee on Tuesday and is expected to testify that human error and technical failures allowed hackers to access personal identifying information.
Hackers accessed names, addresses, social security numbers, and some driver’s licenses through a flaw in software known as Apache Struts. The flaw was disclosed in March, but Equifax failed to detect and fix the hole. Criminals stole the data between May and July, Equifax said.
The company is offering free credit monitoring and credit freezing for people who are concerned about their data falling into the wrong hands.