Equifax, which supplies credit information and other information services, said Thursday that a data breach could potentially affect 143 million consumers in the United States.
The population of the U.S. was about 324 million in 2017, according to Census Bureau estimates, which means the Equifax incident affects a huge portion of the country.
Equifax said it discovered the breach on July 29. "Criminals exploited a U.S. website application vulnerability to gain access to certain files," the company said.
SEC filings show that three Equifax executives – Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran – sold nearly $2 million in shares in the company days after the cyberattack was discovered. It was unclear whether their share sales had anything to do with the breach.
Equifax said in a statement that the three executives sold a "small percentage" of their shares on Tuesday, August 1, and Wednesday, August 2, adding they "had no knowledge that an intrusion had occurred at the time they sold their shares."
The SEC declined to comment on the share sales.
Shares of Equifax fell more than 12 percent in after-hours trading.
The company said the exposed data include names, birth dates, Social Security numbers, addresses and some driver's license numbers, all of which Equifax aims to protect for its customers.
Equifax added that 209,000 U.S. credit card numbers were obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."