One of the big three credit monitoring services in the country, Equifax, has confirmed a cyber security incident that could impact millions of people.
The Atlanta-based company released a statement late Thursday afternoon announcing the breach that could impact as many as 143 million U.S. customers.
"Criminals exploited a U.S. website application vulnerability to gain access to certain files," the company said in its statement. "Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017."
Despite the hack, Equifax said it has found no evidence of unauthorized activity on the company's core consumer or commercial credit reporting databases.
However, they believe the hackers primarily accessed social security numbers, names, birth dates addresses and, in some instances, driver's license numbers.
"In addition, credit card numbers for approximately 209,000 U.S. consumers and certain dispute Documents with personal identifying information for approximately 182,000 U.S. consumers were accessed," the company said.
Limited data from some UK and Canadian residents was also accessed
The unauthorized access was discovered on July 29 after which the company said it acted to immediately stop the intrusion and hired an independent cyber security firm to determine the scope of the breach.
"I've told our entire team that our goal can't be simply to fix the problem and move on," CEO Richard F. Smith said. "Confronting cyber-security risks is a daily fight. While we've made significant investments in data security, we recognize we must do more. And we will."
Equifax has established a dedicated website to help consumers determine if their information has been impacted - and to sign up for credit file monitoring and identity theft protection. The company will also be sending direct mail notices to consumers whose credit card numbers or dispute documents that were impacted.