The hackers also accessed credit card numbers for more than 200,000 people and “documents with personal identifying information” for about 182,000 people.
According to Equifax, criminals exploited a “website application vulnerability” to gain access to files. The company said that the unauthorized access continued from mid-May through July.
“The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases,” Equifax said in a news release.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax Chairman and CEO Richard F. Smith said. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
The company has established a website, , to help consumers determine if their information has been impacted and to sign up for credit-file monitoring and identity-theft protection.
Could new credit score model become the norm?
Credit-reporting company Equifax announced Thursday that it had suffered a “cybersecurity incident” that could impact as many as 143 million US consumers. Criminal hackers apparently accessed names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s licenses.