Credit reporting firm Equifax reported Thursday that it identified another 2.4 million consumers in the United States who had their personal information stolen in the massive data breach that hit the company last year.

Equifax said the recently identified victims had their names and driver’s license numbers exposed. The 2.4 million victims bring the total of those affected by the 2017 breach to more than 148 million—nearly half of the entire population of the United States.

Equifax Equifax revealed 2.4 million more people were affected by its 2017 breach. Photo: Equifax/Wikimedia Commons

According to Equifax, it was able to successfully identify the identities of the consumers by referencing “other information in proprietary company records that the attackers did not steal,” and by consulting resources of an external data provider.

Affected consumers will be identified of the exposure by Equifax. The credit reporting firm also promised to provide identity theft protection and credit monitoring services at no cost to the victims.

“This is not about newly discovered stolen data,” Paulino do Rego Barros, Jr., the interim CEO at Equifax, said in a statement. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

Barros went on to say Equifax will “continue to take broad measures to identify, inform, and protect consumers who may have been affected by this cyberattack.” The firm’s CEO insisted Equifax is “committed to regaining the trust of consumers, improving transparency, and enhancing security across our network.”

While Barros has acted to reassure consumers that Equifax would work to regain their trust, the company has had a rough go since the breach was first made public in September 2017—several months after it took place and 40 days after the company was made aware of the hack.

In the immediate aftermath of Equifax reporting the breach to the public, the company came under fire for setting up a website that required consumers to enter six digits of their social security number in order to find out if they were affected.

It was also blasted by consumers for offering a free year of consumer protection that automatically renewed and charged consumers for the service after the first year of protection expired.

When Equifax’s CEO went before the U.S. Senate, the company was encouraged to offer a free credit freeze to consumers to allow them to protect themselves from potential identity theft. Equifax made good on that request by releasing a mobile app designed to allow consumers to freeze their credit files—but the app regularly crashed.

Even if the new service had worked as intended, it’s not clear that consumers would have made use of it. According to a new report by CreditCards.com, half of all U.S. adults have not looked at their credit report since the Equifax breach was first reported.