Consumer credit reporting agency Equifax on Thursday said it suffered a major criminal data breach that exposed personal information of as many as 143 million consumers in the U.S. between mid-May and July of this year.
The attack exposed a range of sensitive personal data, including names, addresses, Social Security Numbers, dates of birth, and in some cases driver’s license numbers, Equifax said. The attackers also accessed credit card data for about 209,000 consumers and credit dispute information for about 182,000 consumers.
Further, the intruders obtained a limited amount of personal information for certain people in the UK and Canada, but Equifax did not specify how many were affected.
The company has responded well to the attack, said Mark Nunnikhoven, vice president of cloud research at Trend Micro, noting that its CEO has issued a written and video statement accepting responsibility, it has called in outside technical expertise, and it is providing assistance for consumers.
Still, the attack appears to have exposed a vulnerability at Equifax that could challenge it from both a security and branding perspective and potentially expose it to legal jeopardy.