Equifax, one of the largest credit reporting agencies in the US, revealed today that it has suffered a massive data breach at the hand of hackers. The stolen data includes names, Social Security numbers, birthdates, and other personal information for 143 million Americans.
The data was accessed via a web application vulnerability, Equifax said in a statement. The company’s investigation found that hackers first accessed the data in mid-May of this year and maintained their access over the summer, ending on July 29. Equifax is working with a forensic firm to investigate the breach, and says its investigation is ongoing.
Credit card numbers belonging to roughly 209,000 consumers were also stolen, along with what Equifax calls “dispute documents with personal identifying information” for 182,000 more people.
“The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement.
Equifax says that data belonging to people in Canada and the United Kingdom may also have been accessed, and it is working with regulators in those countries to disclose the breach.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax CEO Richard F. Smith said in a statement.
Social Security numbers and other personal information can be used in identity theft schemes. Credit card numbers, of course, can be used to make fraudulent purchases. Equifax is offering identity theft protection and credit monitoring to affected consumers.
The Equifax breach affects many more people than the 2013 Target hack that exposed the financial information of more than 41 million customers. Target paid a $18.5 million settlement in response to lawsuits over the hack.