Credit reporting and technology company Equifax said Thursday a “cyber security incident” may have exposed the personal information of 143 million U.S. consumers.
The data that might have been accessed includes names, Social Security numbers, birth dates and addresses. The company also said driver’s license numbers might also have been exposed. The unauthorized access also compromised some personal information for an undisclosed number of residents of the United Kingdom and Canada, Equifax said.
Unauthorized access to the information occurred from mid-May to July, the company said, and was discovered by the company on July 29. Equifax, which is based in Atlanta, engaged a outside cybersecurity firm to investigate, the company said.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax Chairman and CEO Richard F. Smith said in a Thursday news release. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
The company has set up a website, www.equifaxsecurity2017.com, for additional information and to access credit monitoring and identity theft protection services.
Equifax said it would provide a free package of credit monitoring and ID protection services at no cost, which Smith called an unprecedented step.
A video statement from Smith was uploaded to Equifax’s YouTube page and is below: