Sometime between May and July, 143 million Americans had their personal financial information exposed when Equifax — one of the nation’s top credit reporting agencies — experienced an online security breach. Experts now warn the hack, which became public on Sept. 7, could disproportionately impact active-duty service members who are especially vulnerable to identity theft.

“According to public data on consumer complaints, military consumers report identity theft at roughly double the rate of the general public,” Consumer Federation of America senior fellow Rohit Chopra wrote in a CFA blog post Sept. 11. “Stealing sensitive information about members of the military, particularly those deployed from their normal duty station, doesn’t just raise national security concerns. It can also create financial nightmares for servicemembers and their families.”

In the Equifax breach, hackers stole everything from birth dates and home addresses to Social Security numbers and driver’s license numbers — and more.

“About 209,000 Americans had their credit card numbers stolen, and criminals hacked into certain financial dispute documents with personal identifying information for about 182,000 consumers,” Military Times reported.

Because of frequent moves and time spent without access to internet or banking services while deployed, service members are prime targets for identity thieves — and often don’t catch the signs until it’s too late.

“Since active-duty service members frequently move due to Permanent Change of Station orders, this can make it even harder to quickly learn if they’ve had their identities stolen,” Chopra wrote.

That said, service members may have legal options that other consumers don’t. “If you are serving in uniform, the law gives you the right to place an Active Duty Alert on your credit report,” Chopra wrote. “This will ensure that lenders take extra steps to verify your identity before opening a new account in your name.”

The three major consumer credit reporting agencies — Equifax, Experian, and TransUnion — each have a web page where service members can request the alert.

“The alert lasts for one year and is renewable,” Chopra wrote. “Your name will also be removed from pre-screened offers for credit and insurance products for two years, unless you say that you want them.”

Equifax team members are also reportedly warning consumers when their personal information has been accessed by outside sources via email.

Little is known about the source of the hack, but the Federal Trade Commission is on the case.

“The FTC typically does not comment on ongoing investigations,” spokesman Peter Kaplan said in an email exchange with Reuters. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”