Senate Finance Committee Chairman Orrin Hatch (R-Utah) and Ranking Member Ron Wyden (D-Ore.) on Monday called on Equifax Inc., to respond to reports that the firm experienced a data breach exposing personally identifiable information such as Social Security numbers, birthdates, addresses and driver’s license numbers of approximately 143 million Americans.

The breach also exposed credit card numbers for about 209,000 Americans and sensitive dispute documents of approximately 182,000.

Criminals gained access to Equifax systems and files by exploiting a vulnerability in the company’s website.

The U.S. Senate Committee on Finance has jurisdiction over numerous federal agencies and programs that are vulnerable to fraud through the use of personally identifiable information (PII) such as names, Social Security numbers, and birth dates.

“If the names, Social Security numbers, birth dates, and other information of 143 million Americans are now in the hands of cybercriminals, this breach will cause irreparable harm to programs within this Committee’s jurisdiction by way of stolen identity refund fraud, healthcare fraud, and entitlement fraud,” the legislators stated in a letter.

The legislators called the cyber incident one of the largest on record, and also one of the most costly.

“The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers.”

Equifax is a critical partner of the Internal Revenue Service, Centers for Medicare & Medicaid Services, the Social Security Administration and other federal agencies that are the sources and recipients of the some of the most sensitive information affecting individuals, as well as the targets of the vast majority of identity theft fraud against taxpayers.

The legislators requested details on the breach and information about what Equifax is doing to mitigate its effects.