Credit reference agency Equifax has admitted losing the personal details of about 143 million US citizens - about 44 per cent of the country's adult population - in one of the world's biggest-ever hacks.
The Atlanta, Georgia-based company, which also operates in the UK, publicly admitted the breach on Thursday, warning that "criminals" had exploited a website application vulnerability to access the highly sensitive files between mid-May and July of this year.
Ondrej Vlcek, chief technology officer and general manager at security outfit Avast, speculated that the attackers exploited a SQL injection vulnerability to gain access.
Information accessed includes names, valuable Social Security numbers, birth dates, addresses and some driver licence numbers, all of which can be used by the attackers to easily hijack the identities of people whose credentials were stolen.
Credit card numbers belonging to approximately 209,000 US consumers were also accessed, as were dispute documents with "personal identifying information" for about 182,000 people.
Equifax says that the hackers also gained unauthorised access to "limited personal information" of some UK and Canadian residents, but has yet to give further details.
"Equifax will work with UK and Canadian regulators to determine appropriate next steps," the company said, somewhat vaguely.
Richard Smith, chief executive of Equifax, described the breach - which is one of the largest ever reported in the US - as "disappointing".
"This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes," he said.
He continued: "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.
"We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all US consumers, regardless of whether they were impacted by this incident."
Equifax has set up a dedicated website, where people can check to see if their personal information may have been stolen. Consumers can also call 866-447-7559 for more information.
Equifax is offering customers free credit monitoring using its own breached service, but this move has been slammed by security experts.
Vlcek says that, rather than taking advantage of Equifax's offer, consumers should "consider looking into a credit freeze that will stop hackers from using your identity to accrue debt" and "closely monitor all email, social, credit card and bank accounts closely for suspicious activities".
As if news of the hack wasn't bad enough, Bloomberg reported that three Equifax executives sold company shares worth $1.8 million after the breach was discovered by the company on 29 July. The company claimed that they "had no knowledge that an intrusion had occurred at the time they sold their shares".
This isn't the first time Equifax has been involved in a serious data breach.
In 2013, the company confirmed that the personal details of a number of famous people - including US Vice President Joe Biden, FBI Director Robert Mueller and rapper Jay Z - were exposed on annualcreditreport.com, a site that enables consumers to monitor their credit reports.