You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




I to was a victim of this crazy mess , Someone in New Jersey got a hold of my card and actually used it at a Hotel, Mind you I have never being to New Jersey. I had to wait three days before my bank would do anything thing only to find out when the bank looked at it and saw it was in New Jersey at a Hotel , the bank called the hotel only to find out that the people that used my card was still at the Hotel. Now at his point the hotel manager tell my bank that since they were still there they had to call the police, Now the hotel tells the bank that they would call them back and the bank tells me they would call me back. My phone rings and it was the police in NewJersey asking me if I knew these people. { HELL NAW } They tell the police that they bought the Hotel room on face book. Yes I got my money back but botton line there nothing that could be done.

So far my credit and savings account lost $10000.00

Please explain briefly?

Sounds Like A Crime Has Been Committed By The 3 Executives. Stock has fallen 50 bucks a share as of today.

Trading on insider information is a "federal" offense and is or should be prosecuted by the Securities & Exchange Comission SEC.

My thoughts exactly! I noticed it's still Equifax. Why would I give them even more information to compromise?? I'll take my chances. I have other monitoring services.

I have my own identity theft protection and am not interested in Equifax identity theft protection for a year. I want to place a credit freeze with transunion but they want written confirmation that my social was compromised and equifax doesn't seem to want to provide this written proof! Any suggestions?

If you get a notice that your information was exposed in a data breach, you may be at greater risk of identity theft. But that doesn't mean you are an identity theft victim. Here are tips about dealing with a breach.

An ID theft victim is someone who knows their information has been misused, for example to get a new credit card, or a job or file a tax return. If someone used your information to open new accounts or make purchases, go to

My understanding is that when there is a breach, that is an act of breaking into, and when there is unauthorized taking of identification information, that is identity theft.

When there is unauthorized use of identity information, isn't that fraud?

Identity theft happens when someone misuses your identifying information - for example to get a new credit card, or a job or file a tax return. 

So if identity information was taken in the Equifax breach but not used, the takers could not be charged for identity theft?

What could they be charged with?

A break in or hack is criminal.

whats the update on consumer class action suit for 2018?

Good test. I like the way you think!

It could be that the "123456/test" gave 'might be' because Equifax could not reconcile the number and name. Or it could be the site was designed to get as many as possible to sign up for their (cannot sue-->subsequently rescinded) product. But a friend of mine entered her info and it told her that her credit information was not compromised, which would suggest that maybe it is trying to validate the identities correctly.

Classic, I figured that! You can NEVER trust a big company! It's almost like they gain something from having you sign up for the service. I AM NOT INTERESTED IN THE "FREE" service!!!!!!!!!!!!! They just need to be a better custodian of everyone's personal information!!!!

Why do they have access to my personal information anyway? Who gives them the right to dig into my financial history? I didn't even know these agencies existed!

Your bank does. No one could get a loan without them, since it's how banks know you're trustworthy. FDIC insured ones anyway, which is a bit ironic.

This is something I worry about. Is this simply a ploy to make sure the hackers have access to all vital information to enable them to hack us? Equifax was just hacked, what have they done to correct the problem? Is it just going to happen again?

I hate living in Trumps America, I'm afraid all the time!

Just a clue, you were no safer in Obama's America.

Teri, I not only hate living in Trumps America, I don't want to live in America because of hom with all his destruction. Too many articles some say to freeze, some say not to. Paying cash or money orders are great but then you can't shop with Amazon.

Shop online with prepaid cards and gift cards :)

The thing is, if you're keeping that cash in a bank account, that can be accessed by someone with your leaked info. All they have to do is get an id. Then they ARE you. They could withdraw all of your money.

And you honestly think this has anything to do with Trump? Really? How about people put responsibility where it belongs. Personal Responsibility. Or is the lack of that on the likes of Trump too?

I am sorry, but hacking and fraud have been going on way BEFORE President Trump. He didn't cause this..

There were many hacks in Obama's America, too.
This would not seem to be a partisan topic.

don't blame Pres. Trump, obama opened the flood gates

We are living in Trump-Time. Say what you want;Do what you want; Do whatever you need to in order to line your pockets and gain more power. Be smart, take care of your business and PRAY! If something smells ROTTEN, that is because it is. Equifax is rotten!!

Nonsense! Please, just stop the nonsense. We are all sick and tired of EVERYTHING in our lives becoming a political frenzy. Get a life and stop making the rest of us nuts with your nonsense!

People like you kill me. Like we felt so safe under Obama?’! Yeah, right.

Thanks! bogus test and it has been breached, why are they still in business!

Because of "Too big to be allowed to fail"... something we in the US really, really need to fix... by chopping up those corporations and banks.

Did any of you stop to consider that either a hostile nation or a single malicious hacker may have come to realize that by undermining credit confidence they can bring down the world's greatest nation with a simple key stroke? This is what worries me most about this whole issue.

The common business as usual cop-out "may have been" is always very reassuring. The people in charge of our lives are the bosses-the rest us us are just their tools

Trying to get more infornation. I received a letter from AT&T saying my information nay have been exposed.

I believe the language was not retracted but Equifax now allows us to send them a letter stating that we still maintain our right to sue.

The arbitration clause doesn't apply to the cybersecurity incident. Equifax already came out and stated publicly that you are not waiving your right to sue. People who aren't lawyers misread the terms of service and created an uproar

Not exactly. They came out and gave a carefully worded statement that it wasn't related to the data breach. You're still enrolling in their free tools. Some lawyers still think the language is controlling. It's a gray area at best.

The NY, MS, OR, and other Attorney Generals seen to disagree with you on that one.

You are incorrect. The NY Attorney General was the principal figure in convincing Equifax to remove the binding arbitration language from the Terms of Service. What portions of the contract I can find, they incorporate document by reference but do not provide them, it does include an Entirety Clause, which basically means that only the contract itself can be used to interpret the agreement, or put simply, the FAQs, public statements by the CEO or anyone else are essentially legally irrelevant.

So now I'm really confused. I got the wording "may have been impacted" when I put last name and last 6 digits. I didn't go any further on the website, just "X" out. Should I be worried? My credit is in the toilet any ways so I don't know how it could get any worse. What can happen with this breach?

I also put my information in and it stated I may be impacted. I continued on the web because I just filed bk in July and got a car as well and my email keeps telling me my fico is changing.... I have done anything since. So this could be for REAL

All, Ican say is if the scamners can find the money the goverment has taken from me over the years, may I have some too please!

So let me get this straight, Equifax somehow got my personal data, failed to store it, it got hacked, and now I have to pay for monitoring service? Does anyone else see a problem here. I want the heads of all the top execs at Equifax. NOW!

NO they are offering the service for free for anyone who's information may have been compromised.

Equifax is offering their TrustedID Premier service free for only 1 year.
So, what happens after that? What if the perpetrators decide to hold the information for over a year and try to use it when the free TrustedID Premier service has expired? I should not have to pay for ongoing service like that because a company, with whom I am not a paying customer, has collected personal financial information about me and did not take the necessary steps, such as encryption, to guard that information appropriately!

Free credit monitoring for a year. Yeah. But isn't my name, dare of birth and social security number the same forever ??

There is one robot for customer service, and his name is Bud, and Bud's circuits went on overload so, try calling your Congressman for answers. I did and I was told I would get a call back. I think they also use Bud.

No they are offering a one-year trial and then you have to pay after that. They should be required to give us the service for the rest of our lives, not just a one year trial.

Why would anyone want to use their service any way? They just proved how well they protect you. It's like someone fixing to kill you and you offer them the weapon to kill you with. I think I will pass on their security. They should pay for the security company of your choice to monitor you, not themselves.


Leave a Comment