Credit monitoring company Equifax (NYSE: EFX) has been hit by a high-tech heist that exposed the Social Security numbers and other sensitive information about 143 million people, Forbes reports.
This breach of personal data potentially affects a vast number of people in the US, UK and Canada.
The theft obtained consumers’ names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers.
According to Equifax’s statement, the attackers used a vulnerability on its website some time between mid-May and the end of July, but Equifax has only now announced the breach.
"As surprising as it seems, the same web application vulnerabilities from decades ago are still some of primary vectors that are leveraged by hackers in modern attack scenarios. It seems that the underlying legacy codebase that handled the Equifax web application was vulnerable enough for an attacker to exploit,” Alex Heid, chief security researcher at SecurityScorecard said in a comment to Forbes.
Equifax discovered the hack July 29, but waited until Thursday to warn consumers.
The Atlanta-based company, one of three major U.S. credit bureaus declined to comment on that delay or anything else beyond its published statement.