Equifax now says 8,000 Canadians may have been affected by cybersecurity breach

Equifax Inc. says the number of Canadians who may have been affected by a cybersecurity breach at the company is 8,000, revised downward from an earlier figure of 100,000.

In a release issued after the close of stock markets on Monday, Equifax said the initial figure of 100,000 was "preliminary and did not materialize."

• Equifax board launches review of executive stock sales after data breach

The company released the new figure after cybersecurity firm Mandiant, which Equifax hired to investigate the breach it disclosed on Sept. 7, finished the forensic portion of its probe.

"The completed review subsequently determined that personal information of approximately 8,000 Canadian consumers was impacted," Equifax said. "In addition, it also was determined that some of the consumers with affected credit cards announced in the company's initial statement are Canadian."

Equifax said it will mail written notices to all of the potentially affected Canadian citizens.  

Mandiant also told Equifax on Sunday that another 2.5 million U.S. consumers were potentially affected by the breach, bringing the total number in the U.S. to 145.5 million.

• Equifax to offer free locking of credit files for life — unless you're Canadian

Equifax said the review also concluded that there is no evidence the attackers accessed databases located outside of the United States. 

"I want to apologize again to all impacted consumers," Equifax's recently appointed interim CEO Paulino do Rego Barros Jr. said in a release. 

"As this important phase of our work is now completed, we continue to take numerous steps to review and enhance our cybersecurity practices. We also continue to work closely with our internal team and outside advisers to implement and accelerate long-term security improvements," Barros said.

Equifax said last month that its computer systems were hacked between May 13 and July 30.