Credit-score company Equifax reveals hack that exposed up to 143 million customers

Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million US consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 per cent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the US population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a US website application vulnerability to gain access to certain files that included names, Social Security numbers and driving licence numbers.

In addition, credit card numbers of around 209,000 US consumers and certain dispute documents with personal identifying information of around 182,000 US consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.