Millions of people’s personal information may be compromised after cyber criminals got access to one of the three major US credit reporting agencies.

Atlanta-based Equifax said in a statement Thursday up to 143 million people may be impacted after “criminals exploited a US website application vulnerability.”

As of Friday morning, Equifax had not reported how many people were affected in each state.

The company says it's been investigating since it noticed the breach on July 29. Its investigators believe the breach started in mid-May.

Equifax’s statement says the company shut down the unauthorized access immediately when it discovered it.

Equifax says the thieves got access to “names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers.”

About 209,000 Americans’ credit card numbers and roughly 182,000 dispute documents with personal information were also compromised, according to the release.

Despite that, Equifax says, “The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”

Some info might be compromised for people in the UK and Canada as well, the company says.

You can check if your information was compromised at

Or you can call 866-447-7559 from 9 a.m. to 11 p.m. MST.

Equifax says it will offer free credit monitoring for all US consumers, but its website is telling people they can’t enroll until September 13.

You should be aware, however, the site's terms of service include an arbitration agreement, which could nullify any right to join any sort of class action lawsuit over the breach. Equifax says you can opt out of that arbitration agreement by writing to them. You can find the information in Section 4 of the site's 'Terms of Service' section.

The company says it's also alerted law enforcement, the US attorney general, and state attorneys general about the breach.

NBC News is reporting the FBI is involved in the investigation, though as of Friday morning, the agency hadn’t officially said anything about the breach.

Equifax hasn’t explained why it waited from July to September to notify consumers.

The company could be facing extra scrutiny after three executives sold more than $1.88 million in stock in the days after the breach, and before the company had notified shareholders and consumers of the incident.

Chief Financial Officer John Gamble sold nearly $1 million worth of stock on August 1, according to Securities and Exchange filings analyzed by 9NEWS.

President of US Information Solutions Joseph Loughran sold nearly $650,000 in stock the same day, filings show.

Part of Loughran’s job description on Equifax’s website is providing businesses with “identity and fraud” insights.

Equifax’s President of Workforce Solutions Rodolfo Polder sold more than $250,000 of his stock in the company on August 2, according to the SEC.

Equifax told the Associated Press the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”

A fourth executive, Chief Marketing Officer Laura Wilbanks, opted to buy more than 500 Equifax shares on August 1.

Do you have any questions? Email Andrew Sorensen at