The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

One year of free credit monitoring is okay, but is not good enough. Those criminals will hold on to the private/personal information for at least 6 months before they use or sell these information. Equifax should offer, at a minimum, 2 YEARS OF FREE CREDIT MONITORING.

They need to give more than just a monitoring service. it needs to be a Protection Service, which clearly they can't do. It needs to be third party, and needs to be at least 7 years. Offering a monitoring service after this big of a breach is like your dentist knocking your teeth out but giving you a toothbrush for free... well this year at least

SSN can’t change, the only acceptable response from Equifax would be to offer all of their monitoring and protection services for free for life. A smart identify thief would simply wait a year or more to use the info after the free year of monitoring expires. Also placing a freeze on your report, from all 3 bearus should be free regardless.

Two years would not be good enough. Anyone impacted should get that service for life! This is a disaster that will follow us for life.

Minimum of 5 yrs. I don't know what monitoring is going to do anyway. If they are going to hack into your information, they already have your bank account numbers and credit card numbers. They will cause you hell that is for sure. They filled out my tax return back in 2011 and it was almost 2 yrs before I got my tax refund.

Feds would bury a small company with fines for even a small breach and put it out of business. Let's see what they do about Equifax.

somehow the financial services industry always seems to be excel (or treated w kid gloves) in any breach of anything.

What a mess-Thank you for the info and process to correct

It was nice of these companies to tell us months after the breach, and after they had a chance to sell their stocks before the announcement. They are just as bad as the hackers who stole Americans info!!

Right up there, No Doubt !

Equifax is making it difficult to enroll for the free credit monitoring service they are offering in response to the data breach.

Instead of being able to enroll immediately, they give you a future date and URL to return on that day to enroll. This is an obstructionist practice designed to reduce the number of people they have to pay for credit monitoring.

Enrollment should be able to be completed immediately.

I'm a technology professional. They're doing this in order to spread the expected millions of enrollments out over a period of time that will allow their systems to actually perform the enrollments without crashing.

dont inroll ron, if you inroll, in protection, from equafax, YOU GIVE UP YOU RIGHT TO SUE THEM IN THE FUTURE AS PART OF A CLASS ACTION SUIT.

DO NOT ENROLL!!!!! READ THE AND UNDERSTAND THE CONTRACT 100% FIRST

What took so long to notify us? This is super important and yet we are already 3 Months behind this ugly issue.

Was any employees of Equifax involved?

corruption

RICO Equifax's executives who sold their stock while we were getting stuck!
Prison's not enough for them

This issue with Equifax is when you check to see if your info was compromised, which mine was, Equifax automatically enrolls you in a free watch program with an AUTOMATIC renewal. The later is a false offering! If they cover you for a year of free monitoring that should be an election without securing it with a credit card so it ends at a year. To make this an auto renewal places an unfair burden on the consumer whose information was hacked. We do not voluntarily give our SS and other credit info to them, this comes from merchants. I lodged a complaint because although Equifax gives an olive branch the way they do it is just as bad as the people that hacked Equifax.

The solution is simple. Get rid of the credit cards.

So when you entered your name and last 6. You were automatically enrolled? They did not give you a date to come back to enroll?

How and where do you file a complaint? Can you provide details please? Thanks!

You need to go after those Equifax officials who sold significant company stock after they learned of the breach and before the public was told about it. It has always seemed to me that these credit companies would be the best targets for criminals to attack as they have information on virtually everyone.

Exactly. IMO, when they sold that stock they sold their souls.

ABSOLUTELY, Guess Who!: with that insider info, those creep execs sold their Equifax stock months before breach info was publically released! they should be jailed & their profits placed into a fund to help reimburse those among the 44% who actually get ripped off by the hackers. disgusting...

So it was discovered internally, bosses were able to sell stock at full value before the public announcement, they have partnered up with a protection agency that, if you sign up, requires you to waive your right to sue. Soooo ethical. I hate the parasitic industry of credit reporting. May they all rot.

this is why I have no faith in humanity

This "Free Credit Monitoring Service" is owned by Equifax! How is that acceptable or responsible?
I'd rather a year of Lifelock or similar.
How can TrustedID be trusted as an equifax company in both ability to keep info safe, and report in a timely manner?

It's like a fox in the hen house!

If you read the TOS for TrustedID, it states: "TrustedID is not a credit repair organization, or similarly regulated organization under other applicable law and does not provide any form of credit repair advice or counseling. TrustedID offers You access to Your credit report and other credit-related information Products, but We do not offer, provide, or furnish any Products, or any advice, counseling, or assistance, for the express or implied purpose of improving Your credit record, credit history, or credit rating. By this We mean that We do not claim We can "clean up" or "improve" Your credit record, credit history, or credit rating and You acknowledge and agree that You will not purchase, use, or access any of Our Products or the websites for such purposes. These items (credit record, history, and rating) are based on Your past or historical credit behavior, and accurate and timely adverse credit information cannot be changed. If You believe that Your credit report contains inaccurate, non-fraudulent information, it is Your responsibility to contact the relevant consumer reporting agency, and follow the procedures established by the various consumer reporting agencies related to the removal of such information."

This does nothing!
...except possibly protect Equifax from litigation by accepting the TOS for this "Free" service.

This doesn't pass the smell test. Equifax wants you to sign up for their "free" (for now) new product, "Premier" with even more ID data. NO way. Just check your accts (like you should be doing anyway). This
"come back to our site and fill out more info on/after a certain date" AND have to sign on for a product without even seeing a EULA yet is unacceptable.

Immediate and decisive action is required to remove consumer data from the hands of companies unable to secure it.

If I know the State you were issued your SS card I will know your 9 digit SS# for ex: Arizona 527
why do you need last 6?

Absolutely, basically you're entering your SS# on some new website they just made. I would avoid doing anything with Equifax. There are plenty pf other credit monitoring and identity monitoring services out there that are more concerned with YOU, the consumer and less concerned with their big bank clients and lining their pockets.

This issue with Equifax is when you check to see if your info was compromised, which mine was, Equifax automatically enrolls you in a free watch program with an AUTOMATIC renewal. The later is a false offering! If they cover you for a year of free monitoring that should be an election without securing it with a credit card so it ends at a year. To make this an auto renewal places an unfair burden on the consumer whose information was hacked. We do not voluntarily give our SS and other credit info to them, this comes from merchants. I lodged a complaint because although Equifax gives an olive branch the way they do it is just as bad as the people that hacked Equifax.

Since so many have replied on here stating that all they are getting is the enrollment date. May I ask what link you used to confirm that you had been hacked. Thank you so much.

hacked victim - thank you for your comment, I agree!

Agree 100%

The link provided by Equifax does not say whether your information was leaked! It only provides an enrollment date.

Also by enrolling for the free credit report you give up your right to sue Equifax, based on their T&Cs !

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

follow the directions and "Click on the Potential Impact tab..." it will then send you to the 'am-I-screwed' option page where you enter your name and last 6 digits of your SSN...

I found this on the Equfax FAQ site:
QUESTION: Do the TrustedID and Equifax Terms of Use limit my options related to the cyber security incident?:
ANSWER: o confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.

Totally correct and this should be included by the FTC in their report - not hidden in the comments section.

So glad I managed to sell my $946,374 worth of shares on July 29th. Please keep paying us to freeze your credit. Also don't forget that YOU are the victim and it definitely is NOT OUR FAULT if WE tell the bank that it is acceptable to hand out and lose money to a scammer impersonating YOU.

Thanks FTC, for recommending we waive our rights to arbitration.... Are you kidding me?

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

We are resposible for your data.
You are forced to be subservient to our data on you.
We lost your data.
We are not resposible for your data.
You are forced to monitor your data and pay us to secure it.
What do you think is happening here???? What a racket. What steps will these entities take to help? Absolutely none. It is shamefull this country has allowed this stupidly.

Was I scamed

Please note that the Equifax enrollment offer contains a forced arbitration clause. Not the best option for consumers at this point.

I visited the Equifax website and was offered TrustedID enrollment. If I elect to enroll in this identity theft service will I be required to waive any of my legal rights to hod Equifax accountable as a condition of enrollment?

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I wonder if there are lawsuits out against them?

Thank the Almighty LORD Jesus Christ I was able to sell my soul for $1 million before the news got out.

Remember folks, YOU are the victim of any IMPERSONATOR. It is NOT Equifax's fault if WE tell the banks it is OK to loan out money to the IMPERSONATOR using your credentials. Nope, the bank is definitely NOT the victim and it is NOT our fault.

Pages

Leave a Comment