The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




They dropped this requirement, due to negative responses.

Equifax has posted on 9/8/2017 a notice on their website ( stating that you DO NOT waive the right to participate in any class-action lawsuit brought against them regarding this particular incident.
Below is from their site:

In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

This article states that on Friday Equifax said "The company's arbitration clause and class-action waiver would not apply to this incident"

Where does it say that? I can't find it

After that fine print class-action waiver language was pointed out to the FTC, Equifax backpedaled and agreed that this would NOT include ramifications of the current breach. So they probably TRIED but failed. My brother raised a couple good points. 1. WHY isn't this data kept off the grid? 2. How about people who already HAD frozen accounts -- was their data breached? 3. They should be taken down. They didn't fail their customers... banks, mortgage and credit card companies. They failed US.

A class-action lawsuit for 140+ million people. Even if you join the lawsuit you might get five dollars. It's not worth it to not except free credit protection

...but not the right to file a lawsuit. You should be clear with this, because joining a class action and suing yourself are different things.

The criminals keep reaping the benefits and the innocent good doing people keep getting screwed over. What hope is there? What can we trust or rely on?

FTC and equifax do not care about us. I tried enrolling in equifax's protection program, and I have to wait until 9/13 to enroll. Wow, you would think something as serious as a data breach of PII, actions would be taken immediately.

You can rely on getting screwed by the corrupt politicians that you keep voting into office.

Mine said the same thing and didn't bother to tell me whether not I was breached or not. I then called and nobody could tell me anything. They told me to go to FTC website because there was a list there but there wasn't. They're excuse was there was a lot of new people that didn't know what they were doing. They ended the conversation by saying that it sounded like I thought I was a victim of identity theft and I should call my local law enforcement and report it. I have no evidence that any of my info has been used. Everything is currently normal. I just wanted to know if my data was breached so I could protect myself in the future and nobody could tell me. Why set up a phone number if nobody can tell anything or even send you to the right place. I have to call them again and see if they've sorted things out because I'm afraid to enter my info on the website again.

First you let yourself be hacked (Supposedly) for three months. Then you wait another 2-3 months in order for the(Supposed)Hackers to cover their trail. Then you ask us to reveal even more than the last four digits of our SS number by sending them to your (Supposedly) hacked servers. You should be shut down permanently. I believe you orchestrated the whole thing for political motives, that's my opinion. A study should be done of just who gets harmed by this (Supposed) breach and their political party and donation record!

I was thinking the same thing! That it's a setup.

Not only is Equifax responsible for this fiasco...but their top executives have become under the scrutiny of the SEC. The Execs knew that the unveiling of this "hacking" bomb would invariably send Equifax's stock plummeting. So instead of facing the music like humans, they sold mega shares of stock, months before the story broke. Of course, the day after the debacle was reported the stock did indeed take a nosedive. These tactics by the upper management in a company is not just unscrupulous, it is illegal and felonious. Being litigious in this case, as far as I am concerned, is warranted and seeing those felons behind bars for keeping this quiet is sweet.


I agree with Revealer totally. But firstly they should do away with all these funky credit bureaus. They are in my opinion as bad as the hackers and this is a scam in itself.

Im conservative and my whole family has been affected. You?

AND, a couple of executives dumped $2 million of their stock on August 1 & 2 ... just after the July 29 breach. THOSE 2 guys need immediate investigation, too! Yeah ... they have our interests at heart.

All these companies constantly get hacked because they have lax security and there are basically no real penalties for them.

Make them pay a fine per person/per incident to the person whose data was exposed and watch them start taking their security seriously. If they can't secure the data they should not be holding it.

Exactly, Eddie. These companies are getting wealthy using the public's personal data. They have a moral obligation to protect it. If you ask me, this is every bit as serious as the Enron/Arthur Anderson case.

Actually there is a penalty, Equifax has lost credibility and will lose business. Ask the innocent employees who lost their jobs at Arthur Anderson after the Enron scandal broke about consequences. All that be said there is that was pure criminal activity. This was faulty software security practices.

Agreed. Make them pay a fine and they will figure out how to secure the data.

If you think a fine will cause them will figure out how to secure the data then you better make it a multibillion dollar fine. That would be a start. But if you want them to take security seriously there should be criminal penalties for senior execs for this level of gross negligence.

So we only get 1 yr free? My SSN stays with me forever so why don't we get protection forever? Also why are they providing their credit monitoring service and not a third-party who isn't trying to resale a product. They got hacked/breached why would their credit monitoring be any better than the "credit service" they provide. The federal government should be doing more to protect us and hold Equifax accountable.

Preach it!

If you sign up for their free service, you waive the right to participate in a class-action lawsuit, and they will pummel you with advertisements for an entire year.

Couldn't agree more. Since we can't change SSN even if we wanted to, they should be required to provide lifetime credit protection and repair coverage. One year monitoring is insufficient. The government needs to protect people from companies that collect information that can lead to identify theft.

They should also have to compensate people for any expenses incurred. It can take years to recover from identity theft.

Inexcusable that such sensitive data was not made bullet-proof from hacking. Waiting to tell consumers, and if true, selling stock before releasing such information is criminal and anyone guilty should be fully prosecuted to the full extent of the law.

What LAW? What Inforcers? What Justice? These pronouns are for the privigled elite-not us serf`s-I mean deplorables-I mean minions-I mean.....Caste system.


I agree it is criminal. People trust their livelihood with these people at Equifax .I completely agree it is criminal. People trust their livelihood with these people at Equifax . We trusted that they would protect our Identities and financial accounts . It's like opening the door and telling the criminals to walk in and take whatever they want by not taking the necessary precautions to protect us . It's like opening the door and telling the criminals to walk in and take whatever they want . Then selling their shares to protect their own financial interests? They're criminals, and deserve to be prosecuted to the full extent of the law.

Our company just sent an email stating to absolutely NOT go to equafaxsecurity2017. Who are we supposed to believe. This is so frustrating!

what company do u work for that warned u?

I'm confused as well! I don't know what to do.

I knew that site sounded the hackers site. We should be able to go to the equifax site and take care of everything! And the last 6 digits of our SS#? I don't think so!

It's only monitoring & NOT protection, AND it's only free for a year. The thieves have your SSN for life now! If you don't write to an obscure POBox address in their fine print, they will begin charging you for credit monitoring service starting on the first day of month 13. Yeah .... we're ALL going to remember to do that next year, right?!?!?!??!?! PLUS, more importantly, you give up your right to court & must accept arbitration, where consumers invariably get less compensation & the companies (perpetrators) get the best deals compared to court cases. Vampires!

Write to the federal Consumer Financial Protection Bureau (CFPB) at their government website (maybe each state's Attorney General, too) & complain that Equifax should pay for all credit freeze & removal fees consumers have to pay to any or all 3 credit bureaus. And that because SSN theft is for life, they should offer monitoring for life. The executives who walked away w/$2 million in stock sales 3-4 days after the breach is a clear indication they can afford to pay every consumer in the US (Canada & the UK were also affected) for the lifetime fees their negligence has caused at least 50% of the US population.

There was also a warning on the national news yesterday not to access this address because it is "not secured."

For a company that is all about one's private business, the least you could do is to keep the information safe. Incompetence is so lame.

I agree with AH, plus Thanks a lot, still doing what you normally do. Ruin people's lives.

How come "clean up" is left to us? It's not OUR mistake. Nice going.

One year of free credit monitoring is okay, but is not good enough. Those criminals will hold on to the private/personal information for at least 6 months before they use or sell these information. Equifax should offer, at a minimum, 2 YEARS OF FREE CREDIT MONITORING.

They need to give more than just a monitoring service. it needs to be a Protection Service, which clearly they can't do. It needs to be third party, and needs to be at least 7 years. Offering a monitoring service after this big of a breach is like your dentist knocking your teeth out but giving you a toothbrush for free... well this year at least

SSN can’t change, the only acceptable response from Equifax would be to offer all of their monitoring and protection services for free for life. A smart identify thief would simply wait a year or more to use the info after the free year of monitoring expires. Also placing a freeze on your report, from all 3 bearus should be free regardless.

Two years would not be good enough. Anyone impacted should get that service for life! This is a disaster that will follow us for life.

Minimum of 5 yrs. I don't know what monitoring is going to do anyway. If they are going to hack into your information, they already have your bank account numbers and credit card numbers. They will cause you hell that is for sure. They filled out my tax return back in 2011 and it was almost 2 yrs before I got my tax refund.

Feds would bury a small company with fines for even a small breach and put it out of business. Let's see what they do about Equifax.

somehow the financial services industry always seems to be excel (or treated w kid gloves) in any breach of anything.

What a mess-Thank you for the info and process to correct

It was nice of these companies to tell us months after the breach, and after they had a chance to sell their stocks before the announcement. They are just as bad as the hackers who stole Americans info!!

Right up there, No Doubt !


Leave a Comment

Comment Policy