Massive Equifax security breach now being probed by U.S. Federal Trade Commission

The FTC said it was opening an investigation into Equifax, which disclosed on Sept. 7 that personal information of roughly 143 million Americans, along with people in Canada and the U.K., had been compromised in a hack.

Equifax CEO expected to testify before Congress in early October

Company Equifax is one of the largest credit monitoring services available. (Mike Stewart/Associated Press)

The U.S. Federal Trade Commission said Thursday it has launched a probe into the massive cybersecurity breach at Equifax Inc.

The FTC said it was opening an investigation into the company, which disclosed on Sept. 7 that personal information of roughly 143 million Americans had been compromised in a hack. An undisclosed number people in Canada and the U.K. had their information exposed as well.

"The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," spokesman Peter Kaplan said in a email statement, according to Reuters.

Meanwhile, U.S. Senate Democratic Leader Chuck Schumer called on Equifax executives to testify before senators, and said the company's leadership should step down.

Richard Smith, the CEO of Equifax, is due to testify on Oct. 3 before a U.S. House of Representatives panel.

About 40 states have joined a probe of Equifax's handling of the security breach.

In the wake the news of the FTC investigation, Equifax shares on Thursday got as low as $89.59 US, their lowest point since February 2015. They later regained ground to close at $96.66 US, down 2.4 per cent from Wednesday.

Equifax on Wednesday put the blame for the breach on a web server vulnerability in its Apache Struts open-source software.

"We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement," the company said.

Several media outlets, including Fortune, reported that the vulnerability was fixed back in early March when patches became available. 

Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29. 

Computer security expert Nate Fick said Equifax's lack of action on the issue was a "massively egregious" breakdown, adding that top company managers should be fired.

"There is no excuse for not following basic cybersecurity hygiene," said Fick, CEO of security specialist Endgame.

with files from Reuters, The Associated Press