Credit reference agency Equifax has admitted that the details of 15.2 million British people may have been spilled in last month's mega data breach - and not the 400,000 people it had originally claimed.
Shortly after the breach last month, the company suggested that a limited range of information on 400,000 British accounts "may potentially have been accessed" in the hack that saw the details of as many as 145 million Americans compromised.
However, the US firm revealed yesterday that the figure was actually 15.2 million. Equifax was keen to assert the records breached dated from 2011 to 2016, and claimed that most did not contain information that put British people at risk of identity theft.
But sensitive information affecting almost 700,000 consumers was accessed in the breach, including email addresses, passwords, driving license numbers and phone numbers. The data also included partial the credit card details of less than 15,000 customers.
Patricio Remon, president for Europe at Equifax Ltd, said: "Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act. Let me take this opportunity to emphasise that protecting the data of our consumers and clients is always our top priority.
"It has been regrettable that we have not been able to contact consumers who may have been impacted until now, but it would not have been appropriate for us to do so until the full facts of this complex attack were known, and the full forensics investigation was completed."
Remon noted that those affected will receive a letter from the company and can make use of the company's identity protection service.
He continued: "I urge anyone who receives a letter from Equifax to take advantage of the remedial services being offered to help mitigate against any risk, or to contact us should you have any questions."
The National Cyber Security Centre, which last week warned that the UK has been hit by 590 'significant' cyber attacks over the past year, said it was aware of the Equifax breach and advised "that passwords are not re-used on any accounts if you have been told by Equifax that any portion of your membership details have been accessed".
Earlier this month, former Equifax CEO Richard Smith blamed a lone IT staffer for the data breach after failing to patch a vulnerability in the Apache Struts Web Framework.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all