SAN FRANCISCO — Equifax, the credit reporting agency, said Friday that its chief information officer and chief security officer were retiring “effective immediately.” The announcement came one week after the company revealed that a cyberattack potentially compromised confidential information of 143 million Americans. On Friday, the company also provided further details about when it had discovered the breach and which part of its website had been targeted by hackers. But many details about the breach, who was behind it and the computer security defenses at Equifax are still unclear.

What We Know

• Hackers exploited a vulnerability in website software. They gained access to certain files containing names, Social Security numbers, birth dates, addresses and driver’s license numbers. Equifax also said the thieves lifted credit card numbers for about 209,000 consumers. The company on Friday disclosed that around 400,000 British consumers may have also been affected.

• The breach was open from mid-May to July 29. That was when Equifax first detected it. The company said it had immediately worked to stop the intrusion, and the following week engaged Mandiant, an independent cybersecurity firm, to oversee an investigation into the scope and causes of the breach.

• Equifax is making personnel changes following the breach. On Friday, Equifax said its chief security officer, Susan Mauldin, and its chief information officer, David Webb, were retiring. The company said the changes were “effective immediately.”