Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

The population of the U.S. was about 324 million as of Jan. 1, 2017, according to the U.S. Census Bureau, which means the Equifax incident affects a huge portion of the United States.

Equifax said it discovered the breach on July 29. “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said.

Shares of Equifax fell more than 5 percent during after-hours trading.

Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver’s license numbers, all of which the company aims to protect for its customers.

The company added that 209,000 U.S. credit card numbers were obtained, in addition to “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”

“This is a security risk for any and every website that anyone uses,” Christopher O’Rourke, CEO and founder of cyber-security firm Soteria told CNBC. “Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Professional Management government breach. It’s nasty. If I can get my hands on that information I can call a bank. They’re going to ask me for your social, address, the information that was leaked here, to get access.”

Equifax CEO and Chairman Richard Smith said apologized to consumers and customers and noted that he’s aware the breach affects what Equifax is supposed to protect.

Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities. Its private investigation into the breach is complete.

Source: Tech CNBC
Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers