Equifax Announces Massive Data Breach Affecting 143 Million Americans

ATLANTA, GA — Millions of people seeking everything from low-limit credit cards to million-dollar mortgage loans have been effectively rejected or approved based largely on sensitive personal information from three major credit-reporting agencies that collect data on hundreds of millions of consumers. The agencies, Equifax, Experian and TransUnion, store on their computer systems names, Social Security numbers, dates of birth, home addresses, employment histories, credit card numbers, previous loans, the promptness of payments and accounts of all financial disputes, both resolved and ongoing.

Access to just one agency's computer system, hackers have long recognized, could provide them with all the information needed for identity theft on a massive scale. Hackers managed to break into the computer system of Equifax once last year and again earlier this year, stealing information considered critical.

Somehow, though, the company's response was not enough to prevent a third third breach of its computer system, disclosed Thursday, that went undetected from mid May through June, allowing criminals to steal far more information about far more people. Equifax officials estimate the theft included information of 143 million American consumers, including Social Security numbers, driver's license numbers, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, and documents used in disputes with information on 182,000 people were also taken.

“This is about as bad as it gets,” Pamela Dixon, executive director of the nonprofit World Privacy Forum, told the New York Times. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

(For local Atlanta news, subscribe for free to the Atlanta Patch to receive daily newsletters and breaking news alerts. For more national stories, subscribe to the Across America Patch.)

Equifax, based in Atlanta, has created a website to help consumers determine whether they have been affected by the breach, and the company is offering its credit protection service free for one year to consumers who enroll by Nov. 21, regardless of whether they are victims. The company also suggests getting a free copy of your credit report from the three major credit bureaus by going to annualcreditreport.com.

The company said it will get in touch with people whose information was affected. Experts say anyone who might have been affected should keep a close watch on their financial statements for any unusual activity.

"When breaches like these happen, consumers need to be diligent — and not just in the short term," said Matt Schulz, CreditCards.com's senior industry analyst. "Just because nothing looks amiss on your bank statements or your credit report now, that doesn't mean you haven't been compromised. Bad guys can be very patient, so it's important to keep an eye out long after this story fades from the headlines."

WATCH: Massive Data Breach At Equifax Leaves 143M At Risk

He continued: "Remember that no one cares as much about your money as you do, and you are ultimately your last line of defense against fraud. Check your credit card statements and bank statements, examine your credit reports from all the bureaus, and as the saying goes, if you see something, say something. You'll be glad you did."

Consumers can also ask their banks and credit card companies to alert them of any unusual activity on their accounts.

Equifax said hackers also accessed some "limited personal information" from UK and Canada residents. Equifax said it doesn't believe that any consumers from other countries were affected.

The company first became aware of unauthorized access to its data on July 29.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said Equifax CEO Richard Smith. "I apologize to consumers and our business customers for the concern and frustration this causes."

"I've told our entire team that our goal can't be simply to fix the problem and move on," he said. "Confronting cybersecurity risks is a daily fight. While we've made significant investments in data security, we recognize we must do more. And we will."

"This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly," said Shulz of Creditcards.com. "We think nothing of checking Facebook or Instagram 10 times a day, but many think it is too much to ask to check your bank statements once a week. It's not. It's easy to do, doesn't take long and can help you spot problems before they get out of control."

The AP contributed to this report.

AP Photo/Mike Stewart