US consumer credit reporting agency Equifax experienced a major data breach potentially exposing the personal information of around 143 million people.
The company said that the hack occurred between mid-May and the end of July, but it only just now announced the breach.
Cyber-criminals “exploited a U.S. website application vulnerability to gain access to certain files” and gathered sensitive information such as Social Security numbers, birth dates and addresses.
Hackers were also able to obtain credit card numbers of about 209,000 customers and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
The company says it’s working with law enforcement agencies to investigate the breach. It’s also hired a cyber-security firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.
According to an FAQ, the company first learned about the hack on July 29.
Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
CEO Smith added, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
The breach is one of the largest ever reported in the US and, said experts, could have a significant impact on any Americans affected by it.
Avivah Litan, a Gartner analyst who monitors ID theft and fraud, was quoted by the BBC as saying:
“On a scale of 1 to 10, this is a 10.
“It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data.”