A cybersecurity data breach at credit report provider Equifax exposed the personal data of 143 million U.S. consumers, the agency has reported.
The global consumer credit agency announced yesterday that cyber criminals were able to gain access Equifax client information, including social security numbers, birth dates, addresses and even driver’s license numbers in some cases.
Equifax also disclosed that some Canadian and U.K. residents were also affected by the breach, and that credit card information for more than 200,000 U.S. consumers was acquired.
The hackers first breached the credit report giant’s system in mid-May by abusing a “website application vulnerability.” The cyber-criminals continued to steal personal information until the end of July when Equifax discovered the unauthorized access on July 29.
Although they haven’t released any more details on how the cyber criminals breached their system, Equifax said they acted immediately to stop the intrusion.
Equifax CEO Richard Smith called the data breach a “disappointing event” for the agency and that the incident “strikes at the heart of who we are and what we do.”
“I apologize to consumers and our business customers for the concern and frustration this causes,” said Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”
In response to the cyberattack, Equifax has hired an independent cybersecurity firm to conduct a forensic review to determine the scope of the intrusion. The firm is also being engaged to provide the agency with recommendations to prevent future breaches.
Equifax has also set up a dedicated website for consumers where they can determine if the were one of the 143 million impacted by the breach. Through the site, they can sign up for credit file monitoring and identity theft protection.
“We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident,” said Smith.
The agency said they are working UK and Canadian regulators to determine appropriate next steps for affected residents. They also reported they have found no evidence of a data breach affecting consumers in other countries.