Equifax, one of the three largest consumer credit reporting agencies in the United States, disclosed Thursday afternoon it’s looking into a data breach that may have affected upwards to 143 million Americans.

The company said in a statement on its site that cybercriminals managed to exploit an unnamed U.S. website application vulnerability earlier this year, from mid-May through July, to access sensitive data in its systems.

According to the company the attackers managed to access information containing Social Security numbers, birth dates, addresses, and some driver’s license numbers.

Equifax said it discovered the intrusion on July 29, meaning attackers apparently had access to the company’s files for nearly 12 weeks.

The company is warning attackers accessed credit card numbers belonging to 209,000 U.S. customers and additional documents containing personally identifiable information (PII) for 182,000 other Americans.

U.S. customers weren’t alone; the company says limited personal information belonging to UK and Canadian residents was also accessed. The company did not disclose exactly what type of data was accessed but said it was working with UK and Canadian regulators to determine the next steps. The company says outside of the UK, US, and Canada, consumers in other countries are not affected.

The company says it’s investigation is ongoing but that concerned Americans can visit a website, equifaxsecurity2017.com to determine if they’ve been impacted, file for credit monitoring, and keep up to date on news around the breach.

The company handles data on more than 820 million customers and 91 million businesses worldwide.

Categories: Privacy

Comments (6)

  1. Brian

    That link is unhelpful. First it tells me to try again on date on it. And out of curiosity I tried again on second time, it said my data is secured. I am more confused and angry.

    • James

      That Equifax site is indeed a mess. Something fishy here, have a feeling things are going to get a lot worse for this company and their incident response before they get better.

  2. M. A.

    Are people with credit file freezes protected, or were details about those freezes leaked as well?

  3. joe

    Be careful, by signing up for their 1 year of free id theft protection, you wavier the rights to sue them for damages caused by the breach.

  4. Celyle

    Equifax is deflecting. Even if Apache Struts had an unknown vulnerability, there is no excuse for millions of PII records to be within reach of servers also accessible from the Internet. Everyone involved with Equifax network architecture should resign in shame.

Comments are closed.