Equifax, one of the largest credit reporting agencies in the US, revealed today that it has suffered a massive data breach at the hand of hackers. The stolen data includes names, Social Security numbers, birthdates, and other personal information for 143 million Americans.
In 2016, Equifax bought Veda, Australia’s largest credit reporting agency, and rebranded it to Equifax earlier this year. At the moment, it’s not believed that Australian details were accessed in the breach.
The data was accessed via a web application vulnerability, Equifax said in a statement. The company’s investigation found that hackers first accessed the data in mid-May of this year and maintained their access over the summer, ending on July 29. Equifax is working with a forensic firm to investigate the breach, and says its investigation is ongoing.
Credit card numbers belonging to roughly 209,000 consumers were also stolen, along with what Equifax calls “dispute documents with personal identifying information” for 182,000 more people.
“The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement.
Equifax says that data belonging to people in Canada and the United Kingdom may also have been accessed, and it is working with regulators in those countries to disclose the breach.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes,” Equifax CEO Richard F. Smith said in a statement.
The Equifax breach affects many more people than the 2013 Target hack that exposed the financial information of more than 41 million customers. Target paid a $US18.5 ($23) million settlement in response to lawsuits over the hack.