Credit-reporting company Equifax announced Thursday that it had suffered a “cybersecurity incident” that could impact as many as 143 million US consumers. Criminal hackers apparently accessed names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s licenses.
The hackers also accessed credit card numbers for more than 200,000 people and “documents with personal identifying information” for about 182,000 people.
According to Equifax, criminals exploited a “website application vulnerability” to gain access to files. The company said that the unauthorized access continued from mid-May through July.
“The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases,” Equifax said in a news release.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax Chairman and CEO Richard F. Smith said. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
The company has established a website, www.equifaxsecurity2017.com
, to help consumers determine if their information has been impacted and to sign up for credit-file monitoring and identity-theft protection.