(Reuters) – Equifax Inc, a provider of consumer credit scores, said personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.
The company’s shares were down 8.7 percent at $134.16 in after-market trading on Thursday.
The details accessed included names, social security numbers, and, in some cases, driver’s license numbers, Equifax said.
In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed, the company said.
“The sheer scope of the breach is extremely troubling,” said Ryan Kalember, senior vice president of the cyber-security firm Proofpoint Inc.
Equifax also said personal information of certain UK and Canadian residents were also hacked.
The company said it was working with law enforcement agencies and had hired a cyber-security firm to investigate.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Chief Executive Richard Smith said in a statement.
Atlanta-based Equifax tracks consumer history and credit card scores for borrowers and lenders. The company also helps consumers manage and protect their personal information.
“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud, told Reuters.
In October 2015, Equifax rival Experian Plc revealed a data breach that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (http://reut.rs/2f8ES9k)
Equifax, which discovered the hack on July 29, said its core consumer or commercial credit databases were not impacted.
The company said criminals exploited a U.S. website application vulnerability to gain access to certain files. The company did not provide further details.
Last December, Yahoo Inc said more than 1 billion user accounts was compromised in August 2013, while in 2014 e-commerce company eBay Inc had urged 145 million users to change their passwords following a cyber attack. (http://reut.rs/2wMNxrT)
Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.
(Reporting by Yashaswini Swamynathan and Laharee Chatterjee in Bengaluru;…