(Adds Schumer comments and Apache Struts vulnerability, updates stock movements)
WASHINGTON, Sept 14 (Reuters) - The U.S. Federal Trade Commission said on Thursday it was investigating Equifax Inc's massive data breach, a rare public confirmation, as a top Democrat suggested the credit-monitoring company's corporate leaders might need to resign.
Senate Democratic Leader Chuck Schumer also compared Equifax to Enron, a U.S. energy company that was consumed in scandal after revealing in 2001 that it engaged in widespread accounting fraud.
"It's one of the most egregious examples of corporate malfeasances since Enron," Schumer said, calling Equifax's treatment of consumers afterward "disgusting" and its inability to protect data "deeply troubling."
Shares of Equifax tumbled to a more than two-year low as criticism of its cyber security practices piled up after it confirmed a fixable web server vulnerability was exploited in the hack, but the stock later recovered somewhat.
"The FTC typically does not comment on ongoing investigations," spokesman Peter Kaplan said in a brief email statement. "However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."
Schumer said Equifax's chief executive officer and board might need to resign if the company does not take concrete steps within the next week to protect consumers and agree to testify before lawmakers and federal regulators.
"We need to get to the bottom of this - the very bottom, the murky bottom, the dirty bottom," he added.
Confirming what many cyber security experts expected, Equifax said late on Wednesday that hackers used a flaw in its open-source Struts software, distributed by the nonprofit Apache Software Foundation, to break into its systems. A patch for the vulnerability was issued in March, two months before Equifax said hackers began siphoning data.
Equifax shares touched $89.59, their lowest since February 2015, but later regained most of the day's losses to trade at $97.80, down 1.2 percent.
Equifax representatives did not immediately respond to requests for comment on the FTC probe.
The company disclosed the breach on Sept. 7, saying thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever. It learned of the hacking on July 29.
Nearly 40 states have joined a probe of its handling of the breach. Equifax CEO Richard Smith is expected to testify on Oct. 3 before a U.S. House of Representatives panel. (Reporting by Dustin Volz, Susan Heavey, Diane Bartz, Jim Finkle and Dan Burns; Editing by Jeffrey Benkoe and Lisa Von Ahn)