US-based credit reporting agency Equifax Inc announced on Friday that hackers had gained access to the company’s data, potentially impacting approximately 143 million US consumers.
Hackers exploited a vulnerability in the company’s website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers, the agency said in a statement.
The breach also included credit card numbers of approximately 209,000 consumers and certain dispute documents with personal identifying information of approximately 182,000 consumers.
“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes,” Chairman and CEO Richard.F. Smith said.
As part of its investigation into the application vulnerability, Equifax also identified unauthorised access to limited personal information of certain UK and Canadian residents.
In its efforts to mitigate damages, the company has created a dedicated website — www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.
The company has said that it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.
Equifax is contacting US state and federal regulators and has sent written notifications to all state attorneys general, which includes company’s contact information for regulator inquiries.
“I have told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight,” Smith added.