On Thursday, the consumer credit reporting company Equifax disclosed a cybersecurity breach that could affect as many as 143 million U.S. consumers — roughly 44 percent of the U.S. population.
The credit card numbers of roughly 209,000 consumers were accessed, as well as "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers," Equifax said in a press release. Potentially leaked information includes names, birth dates, social security numbers, addresses, and possibly driver's license numbers.
Equifax discovered the breach July 29, and believes it had been vulnerable from mid-May through July. An investigation by an independent cybersecurity firm suggested that hackers "exploited a U.S. website application vulnerability to gain access to certain files," Equifax said.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax Chairman and CEO Richard Smith said in a statement. "I apologize to consumers and our business customers for the concern and frustration this causes."
The company is working with law enforcement as well as conducting a review of its security operations. Affected consumers are being alerted via mail.
Equifax shares have already fallen more than 5 percent.