Credit reporting agency Equifax announced it has suffered a cybersecurity incident that it says could potentially affect 143 million consumers across the country.
According to a statement posted on a special page made by Equifax that is specifically dedicated to the cybersecurity incident, people responsible for the incident exploited a vulnerability to gain access to certain files, and that the unauthorized access took place from mid-May of 2017, through July of the same year.
The unauthorized access was reportedly discovered on July 29, and actions were taken immediately to stop the intrusion.
Information accessed, according to the statement, includes names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers. In addition, Equifax officials said credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers were accessed.
Equifax officials also said there were unauthorized access to limited personal information for certain residents of the United Kingdom and Canada.
Officials said, however, they have found no evidence of unauthorized access to core consumer or commercial credit reporting databases.
Company officials said they have established a website to help consumers determine if their information has been potentially impacted, and to sign up for credit file monitoring and identity theft protection. The company is offering a product called TrustedID Premier to U.S. consumers, for free, for one year.
The offering, according to the statement, includes the monitoring of credit reports by Equifax, Experian, and TransUnion, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance, and internet scanning for Social Security numbers. The website will also provide additional information on steps consumers can take to protect their personal information.
In addition, Equifax officials said they will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. Equifax officials also said they have reported the incident to law enforcement, and will continue to work with authorities.
Equifax website on cybersecurity incident