The Equifax Data Breach: What to Do

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

Comments

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I wonder if there are lawsuits out against them?

Thank the Almighty LORD Jesus Christ I was able to sell my soul for $1 million before the news got out.

Remember folks, YOU are the victim of any IMPERSONATOR. It is NOT Equifax's fault if WE tell the banks it is OK to loan out money to the IMPERSONATOR using your credentials. Nope, the bank is definitely NOT the victim and it is NOT our fault.

I guess Equifax can sell us a service that will tell us 2 to 3 months after the fact our identity stolen from Equifax has been used to open debt accounts in our name. If this company can't secure data, they should no longer be a company. Executives can be held personally responsible and I'm expecting jail time.

Thank you for bringing us up to date as well as suggesting action to take.

Equifax announced it today and the FTC released this information at the same time.

FTC is not responsible for reporting, the breached party is. For a breach this size, a lot of forensic work must take place to confirm what happened and who was affected. Six weeks for a breach of 143 million records is actually very good and within the law. One assumes Equifax immediately contacted FBI and FTC as soon as it happened so investigation can take place to trace it back to the bad actors. If you haven't taken precautions against breaches in the past, let's hope that you will now take the recommended precautions now. Breaches are not a matter of "if" they will happen to you, they are a matter of "when."

One would assume, but they are a for-profit business just like BofA which did not notify anyone immediately...so what makes anyone confident Equifax immediately contacted anyone like FBI and FTC? On the latter, FTC is quasi supervision, but considering no US government law defines a credit bureau and that these companies are for profit, FTC has zero ability to dictate anything.

Equifax website just gave a date that my free monitoring will begin, but I have to go back to the site in a week to register. No risk information. They are pitiful. No help at all.

Why should we have to pay $5 - $10 per credit bureau to freeze access to our credit? This is a service that the credit bureaus should provide as part of their mission and obligation to the public. It is shameful that their systems can be breached, and that they have an opportunity to profit from consumers paying $5 - $10 per bureau to freeze their own credit in the aftermath. This is wrong.

Read carefully, it is not $5-$10. It is free to freeze it one time then $25 per agency to unfreeze it if you are buying anything or want to change insurance companies. Then another $25 per agency to re-freeze. Why doesn't the government do anything about this gouging of the citizens it is to protect? Also their monitoring does nothing, my information was stolen through my company's payroll system last year and they signed us up for two free years with Experian credit monitoring, all they do is tell me there was a change to my credit report. This they have always done.

Well, it's not necessarily the FTC's fault...responsibility lies squarely on Equifax's shoulders. Why DID they wait so long to make this public?!?

And I love their website URL:

www.equifaxsecurity2017.com

WHAT security? And the FTC reminding US that a social security number is sensitive information and should be safeguarded. Anyone else see the irony here?!?!?

Looks like (as usual) we need to continue to watch out for OURSELVES and pass LAWS to force companies to properly safeguard our information, especially in this day and age. I wish I could be so cavalier about MY responsibilities!

Incorrect info ===>
"Visit Equifax’s website, www.equifaxsecurity2017.com.

Find out if your information was exposed. Click on the “Potential Impact” tab ...
The site will tell you if you’ve been affected by this breach."

This is incorrect info --- the site does NOT "tell you if you’ve been affected by this breach".
It goes directly to a message with a registration date for the TrustedID Premier credit monitoring service.
I guess I have to conclude that I was a victim, but it did NOT (as indicated) "tell you if you’ve been affected by this breach".

It's ridiculous that we have to visit another site to verify if our private information was stolen. Why hasn't Equifax sent out notice letters to everyone affected? That should have been done months ago!

Yours is the most sound comment that I have seen here. It should be common decency, but perhaps that's a thing of the past?

All of this information is useless. They can hold on to your SSN and other information for years before using it. Equifax completely ruined SSNs for all people in the U.S.

True. Nothing less than a new Social Security number for everyone, in a different format than the original. Equifax should be sent the bill. Nothing less will work.

Seems very suspicious.

Seeing how Equifax did not release this information until yesterday, I applaud your response time! Thanks for getting this information to us quickly! I appreciate your diligence to protecting consumers and businesses. As an employee of a financial institution, I know how accurate and valuable the information you provide is to everyone. Most of the time, the information I read is a refresher, but this was new information that will definitely be important to me, my fellow colleagues, and our clients. Again, thank you!

Wish they had a telephone number for contact instead of just a web link. I would rather speak with a live person instead of using a computer. Older methods of communicating sensitive/personal information increasingly seem more secure. I do not trust computer data sources any more. Wish Federal Government would draw a line making collection/having personal/sensitive information illegal on any computer. Only way to protect it best. Tired of chasing skeletons created by arbitrary sources.

It appears that Equifax is/was more interested in protecting itself than protecting persons who it maintains credit information on. Why else would Equifax take so long to disclose the breach? Of course the longer it took to disclose the breach the more likely that fraud has been perpetrated.
Shame on you Equifax.

The same applies to FTC if it was aware of the breach earlier. Further, it seems that FTC would have regulations in place to ensure that consumers are notified of such breaches in a timely manner.

I have just read an article in the Washington Post stating "Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident." I think you need to look into that and update this blog. Not sure it's best to sign up now....

Only a year of free credit monitoring is a joke. Statistics show that information from data theft typically takes a year to surface. So as soon as your free monitoring stops, you are on the line to pay for the rest of your life for the mess they made.

Not to mention the fact that these credit agencies hold more private information about you than anyone. I don't ever remember giving them the right to collect and store so much private information about me...

Our laws need to change and these businesses need to be held accountable for these breaches.

This article should include a reference to the fact that the credit monitoring agreement offered by Equifax includes an arbitration clause where the user could no longer be a part of a class action lawsuit against Equifax for this breach.

Put my info into a website at a company that had their website hacked - are you serious?

So I bet Equifax gets off scot free, correct? Forget all the little people whose information was exposed. We're a multimillion dollar credit agency, so we're fine.

Why soooooooooooo late in contacting us? Seriously?!!!!

So the company discovered this on 7/29 and it took this long to inform consumers?! I'll own Equifax when this is over. Thank you so much for a lifelong problem YOU created, Equifax. Hackers are very patient, and ONE free year of credit monitoring isn't going to cut it. Can I get a new SSN?

The so-called free monitoring is by Equifax, kind of like the fox guarding the hen house in my opinion. Financial fraud is not Identity theft. Your bank and credit card company will take care of that. There are much more damaging ways for this information to be used.

FTC, please mention in this post that signing up for the year of free credit monitoring will likely prevent you from participating in the class action lawsuit! This is important information!

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

FTC: Require that all fees for adding and removing credit holds by the Bureaus be waived from this day forward. It is bad enough that they leaked our private data, but then they charge fees for taking the steps recommended by the FTC.

AH who is the "you" in your comment? FTC? This news broke this morning. Your problem is with Equifax, not the attorney blogger for the FTC that is providing valuable information.

Time has changed. It is time to consider deactivating SSN as the common key to access personal information.

1) The "am I affected" website requires you to waive your right to trial with Equifax, so if your data was breached, you can't join a class action suit or talk to a lawyer about your rights.

2) The website they made for this purpose is suspected vulnerable by OpenDNS, Symantec, and a number of other providers.

3) People who signed up for the site didn't get confirmation that they were involved in the breach, nor credit monitoring services, just informed that they are in a queue for more info. It seems #1 is the most important thing Equifax is after: indemnification.

The other advice is spot on: watch your statements. If your account has fraudulent activity over a short period of time, freeze your credit records. But right now, Equifax inspires as much trust as the hackers who breached them.

This is so amazing how long they knew, their company leaders sold off stock...now we consumers have to take actions this late in yet another disaster regarding a breach.

So the government agency that is supposed to help protect us is sending us directly to the breached company's site. Once we use the search, we are waiving our rights to sue or be part of a class-action suit.

Thanks clowns.

I tried to log on to the Equifax website, my computer virus software told me not to go there. My information could be stolen.

STOP GIVING A BAD CREDIT REPORT

Only a year of free credit monitoring is a joke. Statistics show that information from data theft typically takes a year to surface. So as soon as your one year of free monitoring stops, you are on the line to pay for the rest of your life for the mess they made.

Not to mention the fact that these credit agencies hold more private information about you than anyone. I don't ever remember giving them the right to collect and store so much private information about me...

Our laws need to change and these businesses need to be held accountable for these breaches.

You are right - free credit monitoring is a very bad joke. It amounts to EquiHAX keeping an eye on your accounts - then, when fraud is committed against you EquiHAX is only required to yell, "Hey, you! Somebody just stole every cent you've got!" Then they can simply walk away.

Sadly, our laws are most certainly NOT going to change and "... these businesses" are NOT going to be held accountable. Why? Because BOTH our major political parties are 100% bought by these corporations. Trump isn't going to fix this; Elizabeth Warren isn't going to fix this. In this nation, corruption rules.

In fact, I will bet my paycheck that NOT ONE EquiHAX executive who sold their stock prior to the public announcement will ever see the inside of a prison cell.

Really? How could someone who protects credit actually end up compromising credit? Where were the notices? Were they ever planning on telling us or did someone leak this? Plus, Equifax caused the problem and now is going to make money off the breach by selling us all credit protection! Shame on you sleazebags.

I love that we are advised to take advantage of credit monitoring services as if they are a remedy. Credit monitoring services have also been breached, making the problem much worse. Sick of this - why do we allow private companies to accumulate personal data without proving they have done everything they can to protect it? The CEO of Equifax says he is disappointed that these criminals stole data. Dude, I am disappointed in YOU. Cyber criminals are everywhere and you should have expected this. He needs to resign.

Enrolling in Equifax's "free" credit monitoring forces you to waive your access to our court system -- you waive the right to sue Equifax for any damages you incur as a result of their shoddy data security practices.

Just shut them down. The information they report is unreliable and inaccurate anyway. Why should we have to deal with their nonsense?

We have had a freeze ever since we were able. We have never had a problem. 12 years I think.

I have had a freeze for many years too. I have been through several of these breaches, including the Target one. I assume I need new credit cards. Once I can go back on Sept. 14th to enroll, I will know whether I need to get my driver's license changed. I am frustrated that a company like Equifax apparently does not encrypt our files.

Seriously? Is this the best you can do? How about not linking SSNs with credit reports? How about financial penalties for credit reporting agencies' failure to protect consumers' info?

I'm going through some serious health issues now and on top of that I have to check all my credit cards and banks to find out if my accounts have been breached. It makes me sicker!!!!!!
