Around 143 million US customers of credit reporting firm Equifax may have had information compromised as part of a cyber security breach.
Information compromised may include social security numbers, addresses, and birth dates. Some UK and Canadian customers were also affected by the Equifax breach.
The hackers also accessed credit card numbers for about 209,000 consumers.
Equifax stated hackers accessed the information between mid-May and the end of July, which was when the breach was discovered.
Hackers won access to the systems by exploiting a “website application vulnerability”.
“I apologise to consumers and our business customers for the concern and frustration this causes,” said Richard Smith, Equifax chairman and chief executive.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”
Commenting on the Equifax breach, Chris Morales, head of security analytics at Vectra, said: “Equifax needs to raise their cybersecurity score. Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.
“The cyber attackers gained a foothold by seemingly exploiting a web application vulnerability. From there, they most likely escalated privileges, abused credentials and admin protocols, moving laterally through the network, which businesses rarely have the necessary tools to detect.”
Joe Hancock, Cyber Security Lead at Mishcon de Reya, said: “The Equifax breach could affect as many 143 million records but the fact that this is still considered a ‘potential’ breach demonstrates how hard it is to understand the full extent of the loss. It’s clear that Equifax weren’t prepared for this kind of event, even though it is alleged the breach was detected in June.”