(CNN) Equifax says a giant cybersecurity breach compromised the personal information of as many as 143 million Americans — almost half the country.
Cyber criminals have accessed sensitive information — including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses.
Additionally, Equifax said that credit card numbers for about 209,000 U.S. customers were exposed, as was “personal identifying information” on roughly 182,000 U.S. customers involved in credit report disputes. Residents in the U.K. and Canada were also impacted.
The breach occurred between mid-May and July, Equifax said. The company said it discovered the hack on July 29.
The data breach is one of the worst ever, by its reach and by the kind of information exposed to the public.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax chairman and CEO Richard F. Smith.
Equifax is one of three nationwide credit-reporting companies that track and rates the financial history of U.S. consumers. The companies are supplied with data about loans, loan payments and credit cards, as well as information on everything from child support payments, credit limits, missed rent and utilities payments, addresses and employer history, which all factor into credit scores.
Unlike other data breaches, not all of the people affected by the Equifax breach may be aware that they’re customers of the company. Equifax gets its data from credit card companies, banks, retailers, and lenders who report on the credit activity of individuals to credit reporting agencies, as well as by purchasing public records.
Equifax is mailing notices to people whose credit cards or dispute documents were affected.
It also says that consumers can check to see if they’ve potentially been impacted by submitting their name and the last six digits of their social security number. Users are given a date when they will be enrolled in free identity theft protection and credit file monitoring services. Equifax did not immediately reply to CNN Tech’s request for more information about the process.
“This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly,” said Matt Schulz, senior industry analyst at CreditCards.com. “Bad guys can be very patient, so it’s important to keep an eye out long after this story fades from the headlines.”
Equifax will not be contacting everyone who was affected, but will send direct mail notices to those whose credit card numbers or dispute records were accessed.
The company suggests you sign up for credit file monitoring and identity theft protection. It is providing free service for one year through TrustedID Premier — whether or not you’ve been affected by the breach.
To enroll, go to www.equifaxsecurity2017.com and click on the Check Potential Impact tab. You must submit your last name and last six digits of your Social Security number there. At that point you’ll be given a date when you can return to the site and sign up for the service.
The site says once you’ve submitted your information you will receive a message indicating whether you’ve been affected. But it’s unclear when or how you will receive that message.
The company also recommends that you review account statements and credit reports yourself to check for incidents of fraud. You can request a copy of your credit report online at www.annualcreditreport.com. You are allowed a free copy once a year from each of the three credit reporting agencies: Equifax, Experian, and TransUnion.