The Atlanta-based company said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year.
It said consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers were exposed. Credit card numbers for about 209,000 U.S. consumers were also accessed.
The company said hackers also accessed some "limited personal information" from British and Canadian residents.
Equifax said it doesn't believe that any consumers from other countries were affected.
--The Associated Press