Credit reporting giant Equifax last night reported a hack which exposed the personal details of 143m Americans, with some UK citizens also affected.
Names, social security numbers, birth dates and addresses were among the primary information accessed, but the hackers also accessed credit card numbers for 209,000 US consumers, as well as "dispute documents" with identifying information for 182,000 US consumers.
The hackers had access to the data from at least the middle of May until July 2017, before the breach was discovered on 29 July, Equifax said in a release.
The total US population is 323m, meaning the hack potentially exposed the information of almost half of the nation.
The hackers had access to "limited personal information" for British consumers, Equifax said. It did not identify which UK records had been accessed, but noted it will work with British regulators.
The company said its core consumer and commercial credit reporting databases had not been breached, although it said its investigation was ongoing.
Richard F. Smith, Equifax chairman and chief executive, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do.
He apologised and added: "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."
The firm has set up a website offering free credit file monitoring and identity theft protection for US consumers for one year, as well as opening a US call centre. It will also contact all of the people whose credit card records were accessed by post.