Unauthorized access to the information occurred from mid-May to July, the company said, and was discovered by the company on July 29. Equifax, which is based in Atlanta, engaged a outside cybersecurity firm to investigate, the company said.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," Equifax Chairman and CEO Richard F. Smith said in a Thursday news release. "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident."