Equifax said data on 143 million U.S. customers was obtained in a breach. The breach was discovered July 29. Personal data including birth dates, credit card numbers and more were obtained in the breach.

by Todd Haselton

(CNBC) - Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

The population of the U.S. was about 324 million as of Jan. 1, 2017, according to the Census Bureau, which means the Equifax incident affects a huge portion of the country.

Equifax said it discovered the breach on July 29. “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said.

Shares of Equifax fell more than 5 percent in after-hours trading.

The company said the exposed data include names, birth dates, Social Security numbers, addresses and some driver’s license numbers, all of which Equifax aims to protect for its customers.

“This is a security risk for any and every website that anyone uses,” Christopher O’Rourke, founder and CEO of cybersecurity firm Soteria, told CNBC.

“Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Personnel Management government breach. It’s nasty. If I can get my hands on that information I can call a bank. They’re going to ask me for your Social, address, the information that was leaked here, to get access.”

Equifax Chairman and CEO Richard Smith apologized to consumers and customers and noted that he’s aware the breach affects what the company is supposed to protect.

Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities. Its private investigation into the breach is complete.

Tweet