Credit monitoring company Equifax announced Thursday that criminals exploited a U.S. website application vulnerability to gain access to files, compromising social security numbers and other data from approximately 143 million Americans.
The Atlanta-based company said Thursday that 'criminals' accessed files between mid-May and July of this year. It said consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers were exposed. Credit card numbers for about 209,000 U.S. consumers and dispute documents with personal identifying information for 182,000 consumers were also accessed.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," said Chairman and Chief Executive Officer, Richard F. Smith.
Equifax says it discovered the breach on July 29 of this year and acted immediately to stop the intrusion. It says it has engaged a leading, independent cybersecurity firm to determine the scope of the breach, including the specific data impacted. The company says it has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.
Equifax says it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. Consumers can visit www.equifaxsecurity2017.com or call 866-447-7559 to determine if their information has been potentially impacted and to sign up for free credit file monitoring and identity theft protection for one year.
Equifax says it has also identified unauthorized access to limited personal information for certain UK and Canadian residents and will work with UK and Canadian regulators to determine appropriate next steps.