Credit reporting company Equifax announced Thursday that a “cybersecurity incident” could potentially affect up to 143 million of its US customers. This story is still developing, but here’s everything we know so far. 

What happened?

According to a press release from Equifax, hackers exploited a vulnerability in the company’s US web application to gain access to certain files. Upon further investigation, the company discovered that those files were accessed from mid-May through July 2017, although there is no evidence of “unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” This data breach potentially impacts up to 143 million US customers.

What data was compromised?

According to Equifax, compromised data includes names, Social Security numbers, birth dates, addresses, and in some cases, driver’s license numbers. Additionally, 209,000 customers’ credit card numbers, and certain dispute documents containing personal identifying information for about 182,000 customers were also exposed. Equifax also discovered that access to limited personal information for some UK and Canadian residents may have also been exposed.

When was the data breach discovered?

According to Equifax, the data breach was discovered on July 29, and the company acted immediately to block the attack. The company then contacted law enforcement and hired a third-party cybersecurity firm to determine how the attacker gained access to their internal system, and what data was impacted.

I’m an Equifax customer. What should I do now?

If you are an Equifax customer, the company has set up a website to help determine if your information was affected by the data breach and offers the option to sign up for credit file monitoring and identity theft protection.

Moreover, here are some additional tips from the experts here at Dashlane:

  • Frequently monitor your account statements and credit reports, and report any suspicious activity to your financial institution. The faster you can identify identity theft, the less damage will occur. You can even sign up for an automated service that will alert you to suspicious changes.
  • Secure all your online accounts with strong, unique passwords and two-factor authentication. Following large data breaches, cyber criminals are known to attempt to use stolen data to access online banking accounts, travel-related accounts, insurance accounts, and email accounts–all of which store your most sensitive financial and personal information. Use unique, strong passwords for every account so an attacker can’t access the “whole portfolio” of your identity with your reused passwords.
  • Consider placing a freeze on your credit report. A credit freeze lets you restrict access to your credit report, making it harder for an identity theft to open a new account under your name. A credit freeze does not affect your current credit score and remains in place until you ask the credit reporting firm to remove it.

Learn more about how to prevent identity theft by reading these related articles:

This is how fast a hacker can steal your identity after a data breach

The Hidden Costs of Identity Theft You Didn’t Know

How to Protect Your Identity While Filing Taxes