Equifax Inc. said after the close of stock markets on Thursday that it was the victim of a cybersecurity breach that may affect approximately 143 million U.S. consumers.

The Atlanta-based consumer credit reporting agency said the perpetrators exploited a U.S. website application vulnerability to gain access to some files. Equifax said that based on its investigation, the unauthorized access occurred from mid-May through July 2017.

Information accessed in the breach primarily includes names, Social Security numbers, birth dates, addresses and some driver's licence numbers.

Equifax also said credit card numbers for approximately 209,000 U.S. consumers, and some dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Additionally, Equifax also found unauthorized access to limited personal information for some Canadian and U.K. residents. The number of people affected in that part of the security breach was not disclosed.

"Equifax will work with U.K. and Canadian regulators to determine appropriate next steps," the company said, adding that it has "found no evidence that personal information of consumers in any other country has been impacted. "

The company said it found the unauthorized access on July 29, and hired a cybersecurity firm that has been conducting a forensic review to determine the scope of the breach, including the specific data impacted.

Shares of Equifax fell more than six per cent to $134 US in after-hours stock trading following the announcement.