A huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses of up to 143 million Americans. Unlike other data breaches, those affected by the breach may not even know they're customers of the company.

​

Equifax (EFX) is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders -- sometimes without you knowing. The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.

​

The company says as many as 143 million people in the United States were hit. Others in the U.K. and Canada were also impacted, but Equifax hasn't said how many. Credit card numbers for about 209,000 U.S. customers were compromised, in addition to "personal identifying information" on about 182,000 U.S. customers.

​

Equifax said it will send notices in the mail to people whose credit card numbers or dispute records were breached. The company said it found no evidence that consumers in other countries were affected beyond the U.S., U.K. and Canada.

​

The hackers accessed personal information such as names, Social Security numbers, birth dates, addresses, credit card numbers and the numbers of some driver's licenses. Equifax said the breach happened between mid-May and July. It discovered the hack on July 29 and then informed the public about it on September 7.

​

Equifax said criminals "exploited a U.S. website application vulnerability to gain access to certain files." A company spokesperson did not immediately respond to a request for further comment. The company hasn't clarified who is behind the breach, but noted that an investigation is ongoing.

​

Equifax is proposing that customers sign up for credit file monitoring and identity theft protection. It is giving free service for one year through its TrustedID Premier business, regardless of whether you've been impacted by the hack. To check whether or not you were affected, visit www.equifaxsecurity2017.com and once submitted, you will receive a message indicating whether or not you've been affected.

​

Then, you have the option to enroll in the program, but if you sign up, you may be limiting your rights to sue and be forced to take disputes to arbitration. You may be able to  opt out of that provision if you notify the company in writing within 30 days. In addition, some attorneys argue that even if you don't opt out, the arbitration provision does not cover suits related to this breach. So all in all, enrollment in the program isn’t recommended, but may be a necessary evil.

​

New York Attorney General Eric Schneiderman launched a formal investigation into the hack on Friday. Meanwhile, Congressman Ted Lieu, a Democrat from California, sent a letter to House Judiciary Committee Chairman Bob Goodlatte, and ranking member John Conyers calling for a hearing to investigate the data breach.

​

The House Financial Services Committee Chairman Jeb Hensarling, a Republican from Texas, also said his committee will hold a hearing on the breach.

​

"The CFPB is authorized to take enforcement action against institutions engaged in unfair, deceptive, or abusive acts or practices, or that otherwise violate federal consumer financial laws. We are looking into the data breach and Equifax's response, but cannot comment further at this time," a spokesperson from Consumer Financial Protection Bureau told CNNMoney.

​

The Equifax breach is one of the largest breaches ever. Some other high profile examples include two breaches at Yahoo -- the bigger one involved 1 billion accounts, the lesser impacted 500 million -- and a hack at Myspace that involved 360 million accounts. Make sure to keep tabs on your financials, and clean up any messes before it explodes into a larger identity theft issue.