Equifax, one of the three largest consumer credit reporting agencies in the United States, disclosed Thursday afternoon it’s looking into a data breach that may have affected upwards to 143 million Americans.
The company said in a statement on its site that cybercriminals managed to exploit an unnamed U.S. website application vulnerability earlier this year, from mid-May through July, to access sensitive data in its systems.
According to the company the attackers managed to access information containing Social Security numbers, birth dates, addresses, and some driver’s license numbers.
Equifax said it discovered the intrusion on July 29, meaning attackers apparently had access to the company’s files for nearly 12 weeks.
The company is warning attackers accessed credit card numbers belonging to 209,000 U.S. customers and additional documents containing personally identifiable information (PII) for 182,000 other Americans.
U.S. customers weren’t alone; the company says limited personal information belonging to UK and Canadian residents was also accessed. The company did not disclose exactly what type of data was accessed but said it was working with UK and Canadian regulators to determine the next steps. The company says outside of the UK, US, and Canada, consumers in other countries are not affected.
The company says it’s investigation is ongoing but that concerned Americans can visit a website, equifaxsecurity2017.com to determine if they’ve been impacted, file for credit monitoring, and keep up to date on news around the breach.
The company handles data on more than 820 million customers and 91 million businesses worldwide.