Data breach discovered on July 29, approximately 143 million U.S. consumers affected Credit: Thinkstock/Equifax Equifax, one of the largest credit bureaus in the U.S., said on Thursday that an application vulnerability on one of their websites led to a data breach that exposed about 143 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May.Editor’s note: In October 2017, Equifax raised its estimate of the number of impacted consumers to 145.5 million. Then, on March 1, 2018, the company raised the number by another 2.4 million, bringing the tally to147.9 million. “Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement.The statement goes on to say that those responsible for the data breach accessed records containing Social Security Numbers, birth dates, addresses, and in some cases driver’s license numbers. Moreover, 209,000 consumers also had their credit card data exposed. The data breach also included “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”“As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted,” the company says. Equifax has launched a website (www.equifaxsecurity2017.com) for those potentially impacted, and will offer credit monitoring to all U.S. consumers. The company will also be contacting those directly impacted via USPS with additional details.“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith in a statement.The company has hired a forensics firm to help with the investigation and offer guidance on preventing such a data breach from happening again.“I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will,” Smith added. Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe