NEW YORK — Credit reporting firm Equifax announced on Thursday nearly half of the US population could be impacted by a data breach incident that happened earlier this year.
The information obtained in the breach includes names, social security numbers, birth dates, address, and some driver’s license numbers.
Equifax said 143 million consumers could be impacted. According to census.gov, the US population is just over 325 million.
The company discovered the breach on July 29 and unauthorized access started in mid-May.
In addition to the breach, credit card numbers for approximately 209,000 consumers “and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers” were accessed during the incident.
“We identified a cybersecurity incident potentially impacting approximately 143 million U.S. consumers,” Equifax said in a statement. “Criminals exploited a U.S. website application vulnerability to gain access to certain files. We discovered the unauthorized access and acted immediately to stop the intrusion.”
The company has engaged with a separate cybersecurity firm to conduct a forensic review of the intrusion and law enforcement officials are currently investigating.
According to Equifax, investigators have found no evidence of “unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents, according to the statement.
Equifax has a “check potential impact” tool on their website where users can check to see if their information was compromised. However, the tool is not correctly displaying whether personal information was included in the data breach and is only providing users information about the TrustedID program and their “enrollment” date.
Editor’s note: Many users are currently reporting the tool is not working for them. While some users are getting a “no” message, many users are only seeing a date for “TrustedID Premier.” If you do not receive a “yes” or a “no,” you’re encouraged to try again at a later time.
Consumers who want more information about the incident should visit equifaxsecurity2017.com.