Credit monitoring company Equifax has been ordered by a UK regulator to alert British customers affected by a cyber attack that saw the data of 143 million people breached.
The request from the Information Commissioner’s Office (ICO) comes after the US firm said that “criminals” exploited a website application to access its files.
The information accessed includes names, credit card numbers, social security numbers, birth dates, addresses and driver’s licence numbers.
Equifax said that the breach extended to “limited personal information” for certain UK and Canadian residents.
The ICO’s deputy commissioner James Dipple-Johnstone said: “Reports of a significant data loss at US-based Equifax and the potential impact on some UK citizens gives us cause for concern.
“We are already in direct contact with Equifax to establish the facts, including how many people in the UK have been affected and what kind of personal data may have been compromised.
“We will be advising Equifax to alert affected UK customers at the earliest opportunity.”
For its part, Equifax said it is working with UK and Canadian regulators to determine the appropriate next steps.
Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.
Atlanta-based Equifax discovered the hack in July, but only informed consumers this week.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax chief executive Richard Smith said in a statement.
“I apologise to consumers and our business customers for the concern and frustration this causes.”
It has since emerged that three Equifax executives sold shares worth a combined $1.8 million (£1.3m) a few days after the company discovered it had been hacked.
However, Equifax said the three executives “had no knowledge that an intrusion had occurred at the time they sold their shares”.
Cyber attacks have become an increasing problem for big firms that hold a large amount of customer data.
HSBC and TalkTalk are among the most high profile British firms to be hit in recent years.