Equifax shares tumbled as much as 18% today as cyber security experts and customers criticised the consumer credit score provider's response to a hack that may have stolen personal details of up to 143 million Americans. 

The hack, among the largest ever recorded, was especially alarming due to the richness of the information exposed.

This information included names, social security numbers, birthdays, addresses and driver's licence numbers, cyber researchers said. 

Bigger hacks, such as those disclosed by Yahoo last year that affected a billion and half a billion accounts, did not put as much sensitive information at risk. 

Two proposed class-action lawsuits, one filed in Portland, Oregon, and another in Atlanta, Georgia, alleged that Equifax had been negligent in protecting consumer data. 

Equifax yesterday disclosed the breach it had discovered on July 29, and said criminals had exploited a vulnerability in a website application to gain access to certain files. 

Some cyber security experts criticised Equifax for setting up a support website, equifaxsecurity2017.com, under a different domain than the company's main website, equifax.com.

This practice mirrors a tactic that can be used to fraudulently collect data. 

Atlanta-based Equifax said hackers breached the accounts between the middle of May and July. Accounts of some British and Canadian residents were also compromised. 

The UK's Information Commissioner's Office said the breach "gives us cause for concern," and ICO Deputy Commissioner James Dipple-Johnstone said the office would advise Equifax to alert affected British customers as soon as possible. 

Equifax's larger rival Experian reported a data breach two years ago that exposed sensitive personal data of some 15 million people. 

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.