The details accessed included names, social security numbers, and, in some cases, driver's license numbers, Equifax said.
In addition, credit card numbers of around 209,000 US consumers and certain dispute documents with personal identifying information of around 182,000 US consumers were accessed, the company said.
"The sheer scope of the breach is extremely troubling," said Ryan Kalember, senior vice president of the cyber-security firm Proofpoint
Equifax also said personal information of certain UK and Canadian residents were also hacked.
The company said it was working with law enforcement agencies and had hired a cyber-security firm to investigate.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," chief executive Richard Smith said in a statement.
Atlanta-based Equifax tracks consumer history and credit card scores for borrowers and lenders. The company also helps consumers manage and protect their personal information.
"On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data," Avivah Litan, a Gartner
In October 2015, Equifax rival Experian Plc
Equifax, which discovered the hack on 29 July, said its core consumer or commercial credit databases were not impacted.
The company said criminals exploited a US website application vulnerability to gain access to certain files. The company did not provide further details.
Last December, Yahoo said more than 1 billion user accounts were compromised in August 2013, while in 2014 e-commerce company eBay Inc
Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.
The company's shares were down 8.7 percent at US$134.16 in after-market trading on Thursday.
(Reporting by Yashaswini Swamynathan and Laharee Chatterjee in Bengaluru; Addditional reporting by Dustin Volz; Editing by Sriraj Kalluvila)