The U.S. Federal Trade Commission said Thursday it has launched a probe into the massive cybersecurity breach at Equifax Inc.
The FTC said it was opening an investigation into the company, which disclosed on Sept. 7 that personal information of roughly 143 million Americans had been compromised in a hack. An undisclosed number people in Canada and the U.K. had their information exposed as well.
"The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," spokesman Peter Kaplan said in a email statement, according to Reuters.
Meanwhile, U.S. Senate Democratic Leader Chuck Schumer called on Equifax executives to testify before senators, and said the company's leadership should step down.
Richard Smith, the CEO of Equifax, is due to testify on Oct. 3 before a U.S. House of Representatives panel.
About 40 states have joined a probe of Equifax's handling of the security breach.
In the wake the news of the FTC investigation, Equifax shares on Thursday got as low as $89.59 US, their lowest point since February 2015. They later regained ground to close at $96.66 US, down 2.4 per cent from Wednesday.
- Equifax breach provokes frustration for Canadians
- Equifax says 143 million U.S. consumers may have been affected in cyberattack
Equifax on Wednesday put the blame for the breach on a web server vulnerability in its Apache Struts open-source software.
"We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement," the company said.
Several media outlets, including Fortune, reported that the vulnerability was fixed back in early March when patches became available.
Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29.
Computer security expert Nate Fick said Equifax's lack of action on the issue was a "massively egregious" breakdown, adding that top company managers should be fired.
"There is no excuse for not following basic cybersecurity hygiene," said Fick, CEO of security specialist Endgame.