Credit reporting firm Equifax revealed today that hackers gained unauthorized access to personal information of up to 143 million US consumers – more than a third of the country's population.
According to Equifax, the breach occurred around mid-May through July of this year, exploiting a website application vulnerability.
While primarily a US-based cyber attack, Equifax also said "limited personal information" was accessed pertaining to some UK residents, with more details to come regarding users affected outside the US.
The company says it became aware of the breach on July 29, and acted to stop the leak and conduct a forensic review for law enforcement.
Among the data stolen was customers' names, Social Security numbers, birth dates, addresses and some driver's license numbers.
Equifax says approximately 209,000 US users also had their credit card information comprised, and about 182,000 had dispute documents accessed. Equifax is mailing notices to those users.
Though a hugely worrying breach, Equifax claims it has found "no evidence of unauthorized activity" on the company's core consumer or credit reporting databases. Still, the information stolen is highly sensitive.
Equifax has set up a dedicated webpage to help customers establish whether their data has been compromised, and if so what steps they can take to protect their identity.
Once on the page, you need to click the 'Potential Impact' button. You're asked to enter your last name and the last six digits of your social security number; we were admittedly wary of giving this information considering the hack.
While Equifax says it will send a message indicating whether your personal information may have been compromised, one TechRadar staffer received a message but another didn't.
Whether or not your information was stolen, Equifax is offering consumers free enrollment in its TrustedID Premier program.
It appears that there's a waiting list for this credit file monitoring and identity theft protection program; we were given an enrollment date of September 13 and told to return to this site then. No additional alert will be sent reminding you to enroll, and enrollment will end on November 21.
You can also call an information line at 866-447-7559, although call volume is understandably high at the moment.
In the wake of the breach, it's important to be wary of suspicious emails, especially those claimed to be from Equifax or other official sources. Don't click on links or download material from emails that seem suspicious, as phishing attempts often run rampant after breaches like this.
It's also a good idea to change your passwords, and keep an eye on your credit card and bank accounts. You can also monitor your credit with the two other large US credit reporting companies, Experian and TransUnion.
Also read: Blue Jays’ Roberto Osuna suspended 75 games