The Equifax breach just got worse for consumers. Yes, worse if that’s even possible. When it first announced the breach, Equifax said that the hacker or hackers had gotten “only” (Equifax’s word, not mine) gotten consumers’ names, SSN, birth dates, addresses and the numbers of driver’s licenses and credit cards for some, but not all, of the consumers.

So what’s gotten worse? First, rather than alert the public, the new details about the broader scope of the breach was contained in a document Equifax gave to the Senate Banking Committee. In that document, Equifax revealed that its forensic investigation uncovered the hackers got even more information — including consumers’ tax identification numbers, email addresses, phone numbers, credit card expiration dates and the States that issued the driver’s licenses.

While claiming they didn’t mislead consumers, the reality is that Equifax did just that. And that’s just added to their cavalier handling of the magnitude of consumers’ most sensitive information.