Equifax, a provider of consumer credit scores, has revealed that a recent hack exposed the personal details of up to 143 million United States consumers.
The company said criminals had accessed details including names, social security numbers, and, in some cases, drivers’ licence numbers.
Equifax also said personal information of some UK and Canadian residents were hacked.
In addition, credit card numbers of around 209,000 US consumers and “certain dispute documents” with personal identifying information of around 182,000 consumers were accessed, the company said.
The Atlanta-based company it would work with US, UK and Canadian regulators to determine the next steps.
Equifax, which discovered the unauthorised access on 29 July, said it had hired a cybersecurity firm to investigate the breach.
The company said there was no evidence of a breach into its “core consumer or commercial credit reporting” databases.
The company handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Richard F. Smith, chairman and chief executive of Equifax, said in a statement. “Confronting cybersecurity risks is a daily fight.”
The company has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk.
“While we’ve made significant investments in data security, we recognise we must do more,” Mr. Smith said.
The Equifax hack follows last December’s attack on Yahoo in which more than 1bn user accounts were compromised in August 2013, while in 2014 EBay urged 145 million users to change their passwords following a cyber attack.