The Equifax cybersecurity breach that was announced Thursday and may have affected 143 million U.S. consumers’ personal information is sparking outrage in the financial services community.

House Financial Services Committee Chairman Jeb Hensarling announced Friday that he would hold a hearing, and Attorney General Eric T. Schneiderman of New York said he was launching a formal investigation.

Financial reform groups are also warning that the massive breach underscores the need to curb mandatory arbitration and oversee credit bureaus.

“Criminals exploited a U.S. website application vulnerability to gain access to certain files, Equifax said in a statement. “Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. 

In addition, Equifax said credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Equifax tweeted early Friday:

Hensarling, R-Texas, said that the Equifax breach was “obviously a very serious and very troubling situation and our committee has already begun preparations for a hearing. Large-scale security breaches are becoming all too common. Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers.”

He said the hearing would be announced at a later date.

Amanda Werner, arbitration campaign manager for Public Citizen and Americans for Financial Reform, said in a statement that Equifax offers an identity monitoring service, TrustedID, “but buried in the terms of service for Equifax’s TrustedID Premier is a rip-off clause that blocks consumers from joining together in class-action lawsuits against the company.”

Schneiderman tweeted Friday he’s already told Equifax the anti-arbitration clause is “unacceptable and unenforceable” and to remove it.

Continued Werner: “It is despicable that Equifax would exploit consumers’ need for identity theft monitoring to avoid accountability for this devastating breach. Perhaps more despicable, at this very moment, U.S. senators are weighing legislation to take away our right to hold companies like Equifax accountable in court. Repealing crucial consumer protections as new financial scandals break every week would send a clear signal to bad actors like Equifax and Wells Fargo that they can continue to plunder consumers for profit.”

The breach, according to Schneiderman, could impact more than 8 million New Yorkers. 

As part of a formal investigation into the incident announced by his office on Friday, Schneiderman said he sent a letter to Equifax seeking additional information about the breach.