Credit reporting firm Equifax on Thursday announced a data breach impacting around 143 million US consumers.

The unauthorized activity, which occurred from mid-May through July 2017, was discovered on July 29. Equifax says hackers exploited a website application vulnerability to gain access to users’ names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

Credit card numbers of approximately 209,000 consumers were also compromised, as were certain dispute documents with personally identifying information belonging to roughly 182,000 users. Equifax also found unauthorized access to limited personal information for certain Canadian and UK residents.

One positive takeaway is the fact that the company has found no evidence of unauthorized activity on its core consumer or commercial credit reporting databases.

The credit reporting company said it immediately took steps to stop the intrusion and reached out to a leading cybersecurity firm to conduct a comprehensive forensic review. Law enforcement was also contacted, we’re told.

Equifax Chairman and CEO Richard F. Smith said it is clearly a disappointing event for their company and one that strikes at the heart of who they are and what they do. The executive apologized to consumers and business customers for the concern and frustration the matter has caused.

Equifax has set up a dedicated website to help consumers determine if they’re impacted by the breach and to sign up for credit file monitoring and identity theft protection services. The offer is complementary for a period of one year.