You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




where is the Potential Impact tab

That tab is immediately below the heading on the linked page. The heading reads:
"Cybersecurity Incident & Important Consumer Information"

scroll to bottom of page

where is the potential impact tab?

Top of page at

Again? Really?

This is great. Not only do they charge a fee for me to put a credit freeze on my account, it doesn't guarantee others won't be able to open accounts in my name.

Not to mention equifax, which has been made so important for people to get loans or credit cards, has a system that has been breached. Good job on protecting your clients, equifax.

And what do we get in return for this hot mess? Perhaps an apology and a free credit report. Thanks for nuthin, equifax. Way to go!

The free service Equifax is offering is only for "monitoring" and offers NO protection! This is incredible

well, sadly not surprised. Let's be honest: All the "Credit Bureaus" (as well as the FICO monopoly that surprisingly no Americans appear to ever have challenged) are owned by the Financial services industry who call the shots. I think it's equally sad that no one is challenging the fact that FICO is a monopoly and that its algorithms aren't clearer--and appear arbitrary.

As far as the protection offered for free, this should already have been offered by ALL 3 credit bureaus. The financial services industry dictates how they function, and they DEFINITELY have the means to pay for protecting their enforced membership. I always thought it was ridiculous to have to pay for credit monitoring! This is something that should have been part of their responsibility as guardians of our information! It's not too late to protest! And lobby the FTC to change the rules to favor consumers over the financial services industry!

And if they find something in that "monitoring" period, will they wait 3-4 months to tell you about it like this time???

Better yet, The monitoring company they want us all to sign up with is owned by... Wait for it...Equifax!

That free service also excludes them from any liability.

We, the public, are not clients of the credit agencies, we are their "products" to mine and harvest. Just like you are not, as a Facebook user, their customer, you are the product. The clients/customers are companies that pay for your information or pay for ad exposure. Not that any of this makes you feel any better!

"Clients"? I don't recall ever giving permission to this company to house any information of mine. And yet, they took it, mishandled it, and now it can have a huge impact on my life. This should be illegal.

Do not use the "credit monitoring" service. There will be a class action lawsuit against equifax. Part of the terms are an agreement to use binding arbitration. This is more dirty work on the part of equifax. Watch your bills closely for irregularities, get the annuals from the other agencies but not all at once. Space 'em out.
One other thing: does equinfax really think I'm going to give them my SSN/name voluntarily to find out if they gave away my data? As soon as the execs who insider traded their stock give me a piece of their profit, I'll think about it.

we are not their clients, the businesses that want to know our credit standing are their clients, evidently i am just a pawn...

Remember, we are not their clients. we are the crop to harvest for creditors, lenders and telemarketers, their real clients. The Consumer Financial Protection Bureau was to have been our advocate. We can only hope the FTC has some consumer advocates.

This is how the rich get richer. My feelings exactly what a crock of crap equifax you are one of the three credit card bureaus. How do you let this happen? AN apology don't hold your breath!! Shame on you.................

What kind of deal is this??? Should have been notified right then!!!!!!

The suits had to have time to sell their stock before it crashed due to the breach. The FCC should look into this but probably wont.

What makes me mad is that high level executives sold company shares just a few days after they found out about th breach. Wondering why.


This would most certainly be considered insider trading. If true these guys need to go to jail.

YES. FTC should fine these execs an amount GREATER than the profit they made from these sales.

I know, I heard that early Friday morning on Sirius XM on Fox News. Unbelievable! I have been working on getting my credit straightened out bc of ID theft for several months. Now, this???
When I called the number to put a credit freeze on my accounts the option to freeze it just takes me to the information explaining how to do it. It doesn't even direct you to the directions it's telling you to go to. They are even charging $5 - $10 to place a freeze on your account. I think the government should delete Equifax and force them to pay customers for the inconvenience and horror known as "ID theft"!

How do you know this? This would be the biggest issue to me. Breaches will happen. But reports and coverups are not ok.

If this is true, these company executives need to be hung. Of the companies out there that should never-ever get hacked, whereby at all costs they should protect the extreme sensitive data that they have on us, should be the three major credit agencies.

I'm hoping while we're all worried about our SSNs, that they all get assigned a brand new inmate number for their corruption

Yeah executives always know the problems well in advance. I've lived through that it's the pee-ons that are last to know, unfortunately.

This is insider trading and should be reported.

I am a victim of this data breach, I have been calling the Equifax # numerous times in your report, there is an Equifax recording that says all of their representatives are busy helping other consumers then the line hangs up. There is no way to get through to Equifax right now. Their phone system has no hold option.

Try 866 447 7559

If you had this problem in Illinois you could try the state attorney general. Try that if you have a governmental office like that.

their main office is in florida...they're a little swamped right now. Keep checking back but don't be surprised if you don't get through for a few days.

In addition to the free year of identity theft protection, Equifax should also be ponying up the fees ($5 - $10 per credit bureau, varying by state) that consumers will be charged to place / lift a freeze on their accounts, just as a matter of principle.

Being stubborn and not doing this to save a potential $15-30 for all three is just plain dumb. Is it a pain? Yes. Is it worth it? Yes. Don't get your identity stolen for "principle" that's just stupid!

Equifax should provide this service for free for life, not 1 year. All the personal info compromised has been with me my entire life and will remain. This info can be used by cyber criminals long after the 1 year free period expires. Also they should reach an agreement with the other credit reporting agencies to monitor those who have been affected by this preach and pay for it.

Equifax Offer Should be offering Free Identity Theft Protection Service for Life Time! plus all freeze fees any of us are exposed to protect ourselves!

I agree! My identity was stolen in March, and a credit card opened in my name, just days after I completed my "free" credit report through equifax. I was surprised to see they are reporting the breach started in July. I paid $30 to freeze my credit with all three bureaus. I feel like equifax should at a minimum refund those fees to me.

Please take note, that the fine print for the Premier credit monitoring service offered by Equifax states that in accepting their offer, you waive the right to participate in any class-action lawsuit brought against them regarding the matter.

I wish there was a way to signal boost this comment!!! DO NOT SIGN UP FOR THE FREE YEAR OF CREDIT MONITORING!!!

From their website:
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

I agree with arguzman. Don't do not sign up for a free year or credit, I wouldn't even sign into Equifax to see if my data is hacked. I do not believe they have it secured.

They since have taken that portion out and you are allowed to still be apart of a class action law suit.

I heard about that on the radio. Please FTC, let us know how we can get the info we need from Equifax without ending up paying for their services or making ourselves any more vulnerable than we already are. What is the FTC doing now to protect consumers. Should companies like Equifax have the kind of power they have if they can't even manage our data securely?

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

They should be forced to provide a third-party solution. Offering the chance for continued mishandling of personal data is a reward for them, not a service to us.

And I don't trust in that one bit.

Know how many lawyers are working overtime this weekend?

I never wanted to be an Equifax customer in the first place.

Can you explain what that means? Sorry, probably a stupid question. I'm just confused.

Here is the info I have found. "Despite the CFPB's move to ban arbitration clauses, the rule has not yet gone into effect, according to the agency. That won't happen until Sept. 18, the CFPB said. What's more, the rule doesn't work retroactively, meaning the Equifax legalese would not be covered anyway. The ban only affects contracts made after March 19, 2018, six months after the rule takes effect. “Equifax could remove this clause so consumers can receive this service without condition,” the CFPB said in a statement.
The future of the ban is itself in doubt; just after the CFPB approved the rule, House lawmakers voted to repeal it. The motion to repeal must still be voted on by the Senate and signed by President Trump to become official, but if it does, then the CFPB's regulation could be nixed. “Just because someone in the marketing department wrote that the terms of service don't apply to the cybersecurity incident means nothing compared to the contractual obligations of the terms of use,” he said.
“If you look back at the TrustedID terms of use, the last paragraph says 'entire agreement between us,' which basically reiterates that the terms of service is the entire agreement and anything else you read on the website have no applicability.”


Leave a Comment