The credit rating firm said hackers exploited a bug on the company’s website.
Equifax, one of the largest credit rating and reporting firm in the US, has become the latest company to reveal a data breach.
The incident was discovered on July 29, according to a company statement released after market close on Thursday.
The Atlanta, Georgia-headquartered company said that hackers had between mid-May through July exploited a vulnerability on its website to access certain files.
The data includes names, social security numbers, birth dates, home addresses, and in some cases, driving license information.
It’s thought to be the largest data breach reported so far this year.
As many as 143 million Americans are said to be affected, the company said, representing about half of the US population.
The company said that 209,000 credit card numbers were accessed, and other personally identifiable information on 182,000 consumers were accessed by the hackers.
Some UK and Canadian residents are also affected, the statement confirmed.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard Smith, Equifax chief executive.
A website has been set up to help consumers determine if they are affected.
At the time of writing, the company is already down more than 6 percent in after-hours trading.