Equifax, the credit bureau breached by hackers last year, said the card-payments industry may cut off its access to certain data or impose fines if the company can't prove it's addressed weaknesses.
Equifax disclosed the latest fallout from the cyber attack in a regulatory filing on Thursday, hours after announcing it had identified more consumers affected by the hacking.
To tap into certain data or accept payments via cards, companies must maintain so-called ISO certifications. In light of the breach, an international organization overseeing that process suspended some of the firm's certifications, requiring it take steps to retain them, Equifax said.
Those efforts "may not be successful," Equifax wrote in the filing. "Additionally, certain of our payment card industry certifications have been suspended which could result in fines and loss of access to data if we are not able to complete the necessary remediation steps." That would hurt the company's ability to offer certain products to customers, it said.
Earlier Thursday, the firm said it will notify an additional 2.4 million U.S. consumers that they were affected by last year's breach, which exposed the personal data of 145.5 million people.
Equifax separately reported that fourth-quarter profit rose 40 percent to $172.3 million. Excluding some items, profit was $1.39 a share, topping the $1.35 average estimate of 14 analysts surveyed by Bloomberg. Excluding insurance recoveries, the company spent $26.5 million on the breach during the quarter.