Peter Kaplan, FTC’s acting director of public affairs, said that the agency typically does not comment on ongoing investigations in a statement obtained by Politico.
“However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” Kaplan said.
Equifax, one of America’s three major credit bureaus, said last week that a “cyber security incident” might have exposed the names, Social Security numbers, birth dates and addresses of 143 million Americans. Driver’s license numbers might have also been accessed, the company said.
The breach took place from mid-May through July 2017, according to Equifax.
>> Related: Equifax reports massive data breach that could affect 143 million in U.S.
Equifax set up a website to help affected consumers and keep them abreast of updates in the company's investigation. On a frequently asked questions section of the site, Equifax officials identified the flaw that allowed hackers to access sensitive information as one flagged publicly last year.
A patch for the vulnerability, Apache Struts CVE-2017-5638, was released by The Apache Software Foundation in March, Bloomberg reported.
>> Related: Equifax cyberattack: What to know
Sen. Mark Warner, D-Virginia, a member of the Banking, Budget and Finance committees and cofounder of the Senate Cybersecurity Caucus, on Wednesday called for an investigation into the data breach.
"The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize," Warner wrote in a letter addressed to FTC Acting Chairwoman Maureen Ohlhausen.
>> Related: Equifax cyberattack: How to get a free credit report, protect your identity
He called the incident “one of the largest, and potentially most impactful, breaches in recent history.”