The credit reference firm said it was extending the offer of free identity protection services to these people as well as those already identified – and making this available for up to two years.

A file containing 15.2 million UK records from 2011 and 2016 was attacked in the incident, with initial estimates putting the total number of people affected at more than 400,000.

However, in October, it revised this figure to 693,665. And today, Equifax said it has taken the decision to write to a further 167,431 UK consumers whose landline telephone numbers were accessed as part of the attack.

However, Equifax said the telephone numbers accessed “are already published in the public Phone Book”.

The incident has already prompted an FCA enquiry and drew the ire of Treasury Select Committee chair, Nicky Morgan.

Equifax initially highlighted four categories of people affected:

• consumers who had an email address associated with their equifax.co.uk account accessed;
• consumers who had portions of their equifax.co.uk membership details accessed – such as username, password, secret questions and answers and partial credit card details;
• consumers who had their driving licence number accessed and;
• consumers who had their phone number accessed.

On its website, Equifax stated: “We are offering this group [167,431] the same free ID protection services as outlined in the initial consumer letters.

“So that they can further protect their personal information, the letter they receive will also provide details of how they can delist their telephone number from the Phone Book, should they wish.”

The Equifax protect service is initially available for free for one year, but affected consumers can request a second free year if they wish.