Equifax, one of the largest credit reporting firms in the nation, announced on Thursday that a recent “cybersecurity incident” may have affected 143 million U.S. consumers.
The information compromised includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
Credit card numbers for approximately 209,000 U.S. consumers were also accessed, the company said, in addition to some dispute documents with personally identifiable information for about 182,000 U.S. consumers.
Equifax also identified unauthorized access to the personal information for certain UK and Canadian residents. The number of those individuals affected was not disclosed.
The Atlanta-based company said in a press release that cyber criminals successfully exploited a website application vulnerability to gain unauthorized access to certain files.
Based on the company’s initial investigation, intruders gained access from mid-May through July 2017. The company said it first discovered the incident on July 29 and acted immediately to stop the intrusion.
Equifax noted it has found no evidence of unauthorized activity on its core consumer or commercial credit reporting databases.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Equifax has engaged a cybersecurity firm to assist with the ongoing investigation, and is currently working with law enforcement.
Consumers whose credit card numbers or dispute documents were impacted will be notified via mail. The company is directing consumers to a dedicated website (www.equifaxsecurity2017.com) for more information and to sign up for credit file monitoring and identity theft protection.
“Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will,” said Smith.
With nearly 150 million potentially affected consumers, experts estimate the breach could be among the largest ever in the U.S.