Equifax, an international credit reporting agency, has announced that a cybersecurity breach exposed the personal information of 143 million U.S. consumers. In a statement released Thursday, the Atlanta-based agency acknowledged that “criminals exploited a U.S. website application vulnerability to gain access to certain files.”
Those files include data such as Social Security numbers, birthdates and addresses — and, Equifax adds, “in some instances, driver’s license numbers.”
For a span of roughly two months — from mid-May through July 29, when Equifax says it uncovered the breach — hackers had access to this information, as well as the credit card numbers of about 209,000 consumers and “certain dispute documents with personal identifying information” of about 182,000.
All told, the number of American consumers affected constitutes about 44 percent of the U.S. population.
Equifax did not explain why more than two months passed before it discovered the hack, which also affected an unspecified number of consumers from Canada and the U.K.
However, the agency is careful to note, it “has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and CEO Richard F. Smith said in a statement.
Equifax handles the data of more than 820 million people and more than 91 million businesses worldwide, the agency says on its website, to transform “knowledge into insights that help make more informed business decisions.”
As gargantuan as the numbers may be, The New York Times points out this is not the largest data breach in history. That dubious distinction goes to Yahoo, which nearly a year ago announced that the personal information of at least 500 million people had been stolen. Just months later, the company said hackers stole data associated with more than 1 billion user accounts.
Equifax, for its part, says it has been in touch with law enforcement and that it has set up a website for consumers to determine whether they have been affected by the breach announced Thursday. It has also set up a call center at 866-447-7559 for the same purpose.