"This is not about newly discovered stolen data," Paulino do Rego Barros, Jr., Equifax's Interim CEO, said in a statement. "It's about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers and making connections that enabled us to identify additional individuals." Equifax said that because the attackers appeared to be focused on obtaining social security numbers, that's what their investigation centered on during its initial phases. These additional 2.4 million individuals didn't have their social security numbers stolen and were therefore not spotted earlier in the investigation.

Equifax says that the newly identified victims of the breach will be notified and will have free access to identity theft protection and credit monitoring services.