The company said the unauthorised access happened from mid-May to July this year and the information accessed seems to be primarily names, social security numbers, birth dates, addresses and driver licence numbers, but not on its core consumers or commercial credit reporting.

However, credit card numbers for about 209,000 consumers were accessed and personal identifying information for 182,000.

Chairman and chief executive officer, Richard Smith, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes."

The company has set up a dedicated website for consumers to check whether their information has been compromised. It’s also offering free credit-file monitoring and identify-theft protection.

Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM), said: "It’s two strikes and you’re out for Equifax, which handles some of the most sensitive consumer information in the United States and now has permitted what is perhaps the worst breach of consumer information in our nation’s history.  After the breach debacle that Equifax went through in 2013, just four years ago, there is no conceivable excuse in the world for this kind of failure to happen again."

Equifax also identified unauthorised access to limited personal information for certain UK and Canadian residents.

In the UK, the Information Commissioner’s Office released a statement. Deputy Commissioner James Dipple-Johnstone said: "We are in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity.

"In cyber-attack cases that cross borders, the ICO is committed to working with relevant overseas authorities on behalf of UK citizens."