About 143 million US customers of credit report giant Equifax may have had information compromised in a cyber security breach, the company has disclosed.
Equifax said criminals accessed data such as Social Security numbers, birth dates and addresses during the incident.
Some UK and Canadian customers were also affected.
The firm’s core consumer and commercial credit databases were not accessed.
Equifax said hackers accessed the information between mid-May and July, when the company discovered the breach.
The hackers accessed credit card numbers for about 209,000 consumers, among other information.
The company said it would work with regulators in the US, UK and Canada on next steps. It is also offering free credit monitoring and identity theft protection for a year.
The breach is one of the largest ever reported in the US.
Yahoo last year said about 1 billion user accounts may have been affected in an incident dating back to 2013. About 145 million eBay accounts were compromised in a 2014 breach.
Equifax chief executive Richard Smith said the incident was “disappointing” and “one that strikes at the heart of who we are and what we do”.
“I apologise to consumers and our business customers for the concern and frustration this causes,” said chairman and chief executive Richard F Smith.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”