The massive data breach at Equifax, one of the nation's three major credit reporting companies, may be even larger than originally thought, according to an independent investigation by a cybersecurity firm.
Mandiant, a cybersecurity investigations firm retained by Equifax to look into the breach, found that 2.5 million more U.S. consumers were potentially affected than originally estimated, bringing the total to 145.5 million.
"I want to apologize again to all impacted consumers," said Equifax's newly named interim CEO, Paulino do Rego Barros, Jr. "As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices.
"We also continue to work closely with our internal team and outside advisors to implement and accelerate long-term security improvements," Barros added.
Barros took over the reigns at Equifax last week after his predecessor, Richard Smith, abruptly retired in the wake of the data breach, which was first made public on September 7. The breach has sparked multiple federal and state investigations and lawsuits.
In prepared remarks he is scheduled to make Tuesday in a hearing on Capitol Hill, Smith says he learned about the hack on July 31, but did not inform the company's board for another 20 days. He did hire outside legal and investigative experts and contacted federal law enforcement.
Smith is scheduled to appear before four panels this week, beginning with the House Energy and Commerce Committee on Tuesday.