Consumer credit reporting agency Equifax is notifying 143 million customers after discovering cybercriminals gained access to its files through a website application vulnerability, potentially compromising customer financial data.
The company discovered the intrusion July 29 and immediately halted the unauthorized access. An investigation determined the security incident occurred mid-May through July.
The information accessed includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers, credit card numbers and dispute documents. The cybercriminals accessed credit card numbers for approximately 209,000 U.S. consumers.
The majority of those affected are U.S. customers, but Equifax said a limited number of U.K. and Canadian residents may have also been impacted.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Equifax Chairman and CEO Richard F. Smith.
Equifax established a dedicated website and call center to address questions from affected customers. It is also offering U.S. consumers access to free credit monitoring and identity theft protection services for one year.