More than six months after the September 2017 breach at credit reporting agency Equifax Inc., there are still numerous questions surrounding the incident and its repercussions. What role, for instance, did some of its legal executives play in the breach response? How will hundreds of class actions against the company proceed? And how will the breach affect future cybersecurity regulation?

But with significant inquiries, they might have to take a back seat to a far more pressing matter: Just how many Equifax customers had their personal data compromised in the first place?