Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada.
The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers and driver license numbers.
Now the credit-checking giant reckons the intruders snatched even more information from its databases.
According to documents provided by Equifax to the US Senate Banking Committee, and revealed this month by Senator Elizabeth Warren (D-MA), the attackers also grabbed taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.
Like social security numbers, taxpayer ID numbers are useful for fraudsters seeking to steal people's identities or their tax rebates, and the expiry dates are similarly useful for online crooks when linked with credit card numbers and other personal information.
"As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?"