The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

RICO Equifax's executives who sold their stock while we were getting stuck!
Prison's not enough for them

This issue with Equifax is when you check to see if your info was compromised, which mine was, Equifax automatically enrolls you in a free watch program with an AUTOMATIC renewal. The later is a false offering! If they cover you for a year of free monitoring that should be an election without securing it with a credit card so it ends at a year. To make this an auto renewal places an unfair burden on the consumer whose information was hacked. We do not voluntarily give our SS and other credit info to them, this comes from merchants. I lodged a complaint because although Equifax gives an olive branch the way they do it is just as bad as the people that hacked Equifax.

The solution is simple. Get rid of the credit cards.

So when you entered your name and last 6. You were automatically enrolled? They did not give you a date to come back to enroll?

How and where do you file a complaint? Can you provide details please? Thanks!

You need to go after those Equifax officials who sold significant company stock after they learned of the breach and before the public was told about it. It has always seemed to me that these credit companies would be the best targets for criminals to attack as they have information on virtually everyone.

Exactly. IMO, when they sold that stock they sold their souls.

ABSOLUTELY, Guess Who!: with that insider info, those creep execs sold their Equifax stock months before breach info was publically released! they should be jailed & their profits placed into a fund to help reimburse those among the 44% who actually get ripped off by the hackers. disgusting...

So it was discovered internally, bosses were able to sell stock at full value before the public announcement, they have partnered up with a protection agency that, if you sign up, requires you to waive your right to sue. Soooo ethical. I hate the parasitic industry of credit reporting. May they all rot.

this is why I have no faith in humanity

This "Free Credit Monitoring Service" is owned by Equifax! How is that acceptable or responsible?
I'd rather a year of Lifelock or similar.
How can TrustedID be trusted as an equifax company in both ability to keep info safe, and report in a timely manner?

It's like a fox in the hen house!

If you read the TOS for TrustedID, it states: "TrustedID is not a credit repair organization, or similarly regulated organization under other applicable law and does not provide any form of credit repair advice or counseling. TrustedID offers You access to Your credit report and other credit-related information Products, but We do not offer, provide, or furnish any Products, or any advice, counseling, or assistance, for the express or implied purpose of improving Your credit record, credit history, or credit rating. By this We mean that We do not claim We can "clean up" or "improve" Your credit record, credit history, or credit rating and You acknowledge and agree that You will not purchase, use, or access any of Our Products or the websites for such purposes. These items (credit record, history, and rating) are based on Your past or historical credit behavior, and accurate and timely adverse credit information cannot be changed. If You believe that Your credit report contains inaccurate, non-fraudulent information, it is Your responsibility to contact the relevant consumer reporting agency, and follow the procedures established by the various consumer reporting agencies related to the removal of such information."

This does nothing!
...except possibly protect Equifax from litigation by accepting the TOS for this "Free" service.

This doesn't pass the smell test. Equifax wants you to sign up for their "free" (for now) new product, "Premier" with even more ID data. NO way. Just check your accts (like you should be doing anyway). This
"come back to our site and fill out more info on/after a certain date" AND have to sign on for a product without even seeing a EULA yet is unacceptable.

Immediate and decisive action is required to remove consumer data from the hands of companies unable to secure it.

If I know the State you were issued your SS card I will know your 9 digit SS# for ex: Arizona 527
why do you need last 6?

Absolutely, basically you're entering your SS# on some new website they just made. I would avoid doing anything with Equifax. There are plenty pf other credit monitoring and identity monitoring services out there that are more concerned with YOU, the consumer and less concerned with their big bank clients and lining their pockets.

This issue with Equifax is when you check to see if your info was compromised, which mine was, Equifax automatically enrolls you in a free watch program with an AUTOMATIC renewal. The later is a false offering! If they cover you for a year of free monitoring that should be an election without securing it with a credit card so it ends at a year. To make this an auto renewal places an unfair burden on the consumer whose information was hacked. We do not voluntarily give our SS and other credit info to them, this comes from merchants. I lodged a complaint because although Equifax gives an olive branch the way they do it is just as bad as the people that hacked Equifax.

Since so many have replied on here stating that all they are getting is the enrollment date. May I ask what link you used to confirm that you had been hacked. Thank you so much.

hacked victim - thank you for your comment, I agree!

Agree 100%

The link provided by Equifax does not say whether your information was leaked! It only provides an enrollment date.

Also by enrolling for the free credit report you give up your right to sue Equifax, based on their T&Cs !

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

follow the directions and "Click on the Potential Impact tab..." it will then send you to the 'am-I-screwed' option page where you enter your name and last 6 digits of your SSN...

I found this on the Equfax FAQ site:
QUESTION: Do the TrustedID and Equifax Terms of Use limit my options related to the cyber security incident?:
ANSWER: o confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.

Totally correct and this should be included by the FTC in their report - not hidden in the comments section.

So glad I managed to sell my $946,374 worth of shares on July 29th. Please keep paying us to freeze your credit. Also don't forget that YOU are the victim and it definitely is NOT OUR FAULT if WE tell the bank that it is acceptable to hand out and lose money to a scammer impersonating YOU.

Thanks FTC, for recommending we waive our rights to arbitration.... Are you kidding me?

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

We are resposible for your data.
You are forced to be subservient to our data on you.
We lost your data.
We are not resposible for your data.
You are forced to monitor your data and pay us to secure it.
What do you think is happening here???? What a racket. What steps will these entities take to help? Absolutely none. It is shamefull this country has allowed this stupidly.

Was I scamed

Please note that the Equifax enrollment offer contains a forced arbitration clause. Not the best option for consumers at this point.

I visited the Equifax website and was offered TrustedID enrollment. If I elect to enroll in this identity theft service will I be required to waive any of my legal rights to hod Equifax accountable as a condition of enrollment?

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I wonder if there are lawsuits out against them?

Thank the Almighty LORD Jesus Christ I was able to sell my soul for $1 million before the news got out.

Remember folks, YOU are the victim of any IMPERSONATOR. It is NOT Equifax's fault if WE tell the banks it is OK to loan out money to the IMPERSONATOR using your credentials. Nope, the bank is definitely NOT the victim and it is NOT our fault.

I guess Equifax can sell us a service that will tell us 2 to 3 months after the fact our identity stolen from Equifax has been used open debt accounts in our name. If this company can't secure data, they should no longer be a company. Executes can be held personally responsible and i"m expecting jail time.

Thank you for bringing us up to date as well as suggesting action to take.

Equifax announced it today and the FTC released this information at the same time.

FTC is not responsible for reporting, the breached party is. For a breach this size, a lot of forensic work must take place to confirm what happened and who was affected. Six weeks for a breach of 143 million records is actually very good and within the law. One assumes Equifax immediately contacted FBI and FTC as soon as it happened so investigation can take place to trace it back to the bad actors. If you haven't taken precautions against breaches in the past, let's hope that you will now take the recommended precautions now. Breaches are not a matter of "if" they will happen to you, they are a matter of "when."

One would assume, but they are for profit business just like BofA which did not notify anyone immediately...so what makes anyone confident Equifax immediately contacted anyone like FBI and FTC? On the latter, FTC is quasi supervision, but considering no US government law defines a credit bureau and that these companies are for profit, FTC has zero ability to dictate anything.

Equifax website just gave a date that my free monitoring will begin, but I have to go back to the site in a week to register. No risk information. They are pitiful. No help at all.

Why should we have to pay $5 - $10 per credit bureau to freeze access to our credit? This is a service that the credit bureaus should provide as part of their mission and obligation to the public. It is shameful that their systems can be breached, and that they have an opportunity to profit from consumers paying $5 - $10 per bureau to freeze their own credit in the aftermath. This is wrong.

Read carefully, it is not $5-$10. It is free to freeze it one time then $25 per agency to unfreeze it if you are buying anything or want to change insurance companies. Then another $25 per agency to re-freeze. Why doesn't the government do anything about this gouging of the citizens it is to protect. Also their monitoring does nothing, my information was stolen through my companies payroll system last year and they signed us up for two free years with Experion credit monitoring, all they do is tell me there was a change to my credit report. This they have always done.

Well, it's not necessarily the FTC's fault...responsibility lies squarely on Equifax's shoulders. Why DID they wait so long to make this public?!?

And I love their website URL:

www.equifaxsecurity2017.com

WHAT security? And the FTC reminding US that a social security number is sensitive information and should be safeguarded. Anyone else see the irony here?!?!?

Looks like (as usual) we need to continue to watch out for OURSELVES and pass LAWS to force companies to properly safeguard our information, especially in this day and age. I wish I could be so cavalier about MY responsibilities!

Incorrect info ===>
"Visit Equifax’s website, www.equifaxsecurity2017.com.

Find out if your information was exposed. Click on the “Potential Impact” tab ...
The site will tell you if you’ve been affected by this breach."

This is incorrect info --- the site does NOT "tell you if you’ve been affected by this breach".
It goes directly to a message with a registration date for the TrustedID Premier credit monitoring service.
I guess I have to conclude that I was a victim, but it did NOT (as indicated) "tell you if you’ve been affected by this breach".

It's ridiculous that we have to visit another site to verify if our private information was stolen. Why hasn't Equifax sent out notice letters to everyone affected? That should have been done month's ago!

Yours' is the most sound comment that I have seen here. It should be common decency, but perhaps that's a thing of the past?

All of this information is useless. They can hold on to your SSN and other information for years before using it. Equifax completely ruined SSNS for all people in the U.S.

True. Nothing less than a new Social Security number for everyone, in a different format than the original. Equifax should be sent the bill. Nothing less will work.

Seems very suspicious.

Seeing how Equifax did not release this information until yesterday, I applaud your response time! Thanks for getting this information to us quickly! I appreciate your diligence to protecting consumers and businesses. As an employee of a financial institution, I know how accurate and valuable the information you provide is to everyone. Most of the time, the information I read is a refresher, but this was new information that will definitely be important to me, my fellow colleagues, and our clients. Again, thank you!

Pages

Leave a Comment

Comment Policy