Credit reporting firm Equifax admitted today that its site was breached through an exploit between May and the end of July, resulting in the theft of 143 million US citizens’ records.

That includes names, address, dates of birth, social security numbers, and even driving license information; the company noted that credit card numbers for 209,000 US consumers’ credit card numbers were also accessed, along with dispute documents containing personal information of 182,000 more people.

This breach is one of the largest in history, and perhaps one of the most damaging to people in the US, as it includes enough information on each person for a criminal to steal their identity and do things like open bank accounts, and access other services by providing these details on websites and over the phone. And that’s nearly half of America’s population we’re talking about.

As if that wasn’t bad enough, three Equifax executives were allowed to sell $1.8 million worth of company stock days after the breach was discovered on July 29 – which indicates that Equifax didn’t acknowledge the gravity of the situation at hand.

Equifax has set up a website and hotline to address customers’ concerns – but Ars Technica notes that the new site isn’t as secure as it should be. You’d think that after massive breaches like the one Yahoo faced last December – which saw a billion accounts’ details exposed – companies with confidential information would take additional precaution to protect their online properties. Hopefully, the other two major credit reporting firms in the US will learn from this and prevent further data theft.

Read next: Google is killing off its Drive desktop app to make way for a smarter one