The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

Is nothing safe anymore? I had called Hewlett-Packard and their phone system had been breached. I found out in time not to be scammed. Any business, government agency, etc., can be breached/hacked, or anything else that may come up next. It's gotten so bad that I don't even trust myself.

Just entered bogus name and random last 6. Site said I was possibly impacted. Site is useless!

FTC: This is also on you guys. How many times have so many of us been victims of identity theft which is increasingly easier to do and more damaging and an astonishing nightmare to address w/ all three credit reporting agencies? Where's your leadership been to ensure that we're all protected and that self-"regulation" isn't the shield these companies hide behind?
Let's be totally honest, you knew this was inevitable w/out a far higher regulatory-burden and I can't recall FTC Commissioners doing anything other than kicking the can down the road.
Maybe now that all FTC Commissioners' personal information has also been exposed they'll be more inclined to do their job to protect ordinary Americans.
Equifax asking people to surreptitiously sign a mandatory arbitration clause is downright fraud; both civil and criminal.
Do something about this now!
Every Equifax physical location should be crawling w/ Feds right now and all I'm seeing is government bailing water out of the Titanic.

I would like to see CRIMINAL charges brought against the executives at Equifax that unloaded so much stock between the time the breech began and when it was reported. THAT my friends is insider trading far worse than any I have seen in a long time. As far as the breech, Equifax MUST begin a policy of allowing individuals to have real time access to their files at no charge. If they don't offer it up, this is one law I could support Congress adding.

Check to see if my personal information has been breached.

The Equifax website automatically enrolled me in their consumer protection thing. It did not ask me if I wanted to participate. I did not. This is further fraud on their part; as I understand it, I have no recourse with Equifax if I am part of their "protection" plan. Please make them u enroll me.

I can't believe I have to go through all of this BS to check if My SS # was compromised.

So hackers steal our info and they decide to tell us 2 months later. Then they basically leave us with a - keep an eye on your stuff and good luck! It's taken me decades to build my credit, if this screws me I guarantee you I'm screwing you Equifax!

Oh, I'm supposed to give Equifax 6 (SIX) digits of my social security number, to apply for their measly free one-year monitoring of my account (Target gave 3!), when previously Equifax has only asked for four digits. So, let me figure this out. My last 4 digits were hacked while in Equifax's possession. Why in the world would I add 2 more digits to be hacked while in Equifax's possession? That leaves only three more digits that a clever hackster has to figure out and voila! They have everything! I'd be better off to pay for my own monitoring.

I believe credit bureaus allow such thing to happen since this can cause an increase on the economy, but damage the creditors and the insurance agencies and the people its self.

The web site put up by Equifax DOES NOT tell you whether you've been affected. It 1) makes you accept arbitration (so you can't sue them) and 2) promises to tell you in a few days if you remember you come back.

Does anyone check these articles before they're published, or is the FTC run by a bunch of clueless clowns?

You can put in any name & any number. It will say you were affected.

My thoughts, exactly! All the free credit monitoring will do is to let you know about the damage that has already been done, not preventing anything.

It is outrageous that Equifax could sit on this information for 3 months. This is a fraudulent, deceptive and unfair business practice on their part.

A lot of good the free credit monitoring will do after this time between the breach and now. All that will do is let you know about the damage done, not an ounce of prevention.

Since this happened so long ago, the hackers are already using this information. Equifax should have immediately notified everyone they have information on regardless of the supposedly "need" to investigate. That way people could have notified their financial institutions of the threat so they could be on the lookout for suspicious activity on their accounts. Also I resent that news casters like Jennifer Westhoven of Headline News is advising people to "freeze" their credit. A little late for that!

Ms. Gressin states that the Equifax will tell you at its website if "you have been affected by the breach." This is not true, last night I entered information for myself and was told nothing, except to return to a website for enrollment on September 13, 2017. I entered the information for my wife and got message that "we do not believe you have been affected" by the breach but given the option to enroll in protection but told to enroll her on September 15, 2017. What does this mean? That my data has been affected, but not my wife's? What difference would that make when we share bank accounts, credit card accounts, etc. Feel I am being screwed again by being kept in the dark.

OK, what do we need to do to nail Equifax and hold them responsible? That clause about not being able to sue them; is that really enforcable? I have heard it might not be since it is like holding a gun to your head.

Equifax is a joke! Where was the warning to consumers? I've been hacked 3x in the past year! Shame on equifax! You suck!

So Equifax is going to charge me $10 to do a freeze and it's their fault I have to do the freeze??!! Anyway the FTC can tell them to NOT charge consumers?

I called Equinox. The poor lady was very poorly trained and could not answer my questions.

Adding insult to injury is the fact that not only were the folks at Equifax unable to effectively address ANY of my questions or concerns, Equifax has the audacity NOT to abandon their $10 charge for freezing your account!! REALLY?! Once again, the predators are allowed to determine and hand pick their prey.

I think it is time for a huge class actiom suit to put them out of business as well as imprison the Executives. This is potentially irreparable damage. Time to start including Biometrics.....................

This whole fiasco is shameful. Those execs who sold stock should go directly to jail for a very long time. I will do my own monitoring, as I always do. Any issues that might arise due to the breach and the delay in notifying consumers should be Equifax's problem to solve. If they don't handle it we should slap them with the largest class action suit ever .

I hope there's a class action suit created against Equifax to force them to cover all costs associated with credit fraud and identity theft for any and all individuals harmed by this careless data breach - plus a substantial penalty for their failure to notify their clients of the breach in a timely manner.

Unconscionable advice! By signing up for their "free" protection you are relinquishing your right to join a class action suit. The FTC is in collusion with Equifax by promoting this course of action.

How do we start a 10 billion dollar class action!

I agree. Equafax still doing what you normally do. Ruin people's lives and not taking responsbility.own it and take responsibility.

gree with AH, plus Thanks a lot, still doing what you normally do. Ruin people's lives.

I decided to opt for a credit freeze. Suspecting that the Equifax site would be the hardest to get through to right now, I decided to try TransUnion first. The result? An entire day wasted getting their “Unable to process – try again later” message.

When someone uses our info, they make us jump through hoops to clear it. We must expect the same from them Jump through hoops to insure each and every person whose information was compromised, is protected.

How do I know whether if my credit card was compromised and should I call my bank to notify the Equifax data breach situation? I checked and I was affected.

It is worth noting that testing of thr site has been done. (That is, the site you listed for "Potential Impact"). Most of the time, with a fake name and a randomly-selected six-digit number, the result was the same. To wit, there is reason to believe your information has been exposed. Therefore, I deduce the worthiness of the "Potential Impact" link is nil or worse. And that paying Equifax for credit protection is nothing but *rewarding* Equifax for a great and grievous problem that will last for years. And the FTC has compounded the problem by spreading this terrible disinformation. A typical government agency.

Thanks FTC. Your tell us to protect ourselves by going to equifax website, as if they can be trusted. How about the FTC take action against equifax for waiting a month to tell us?

Don't go to the Equifax website.After you sign in and give all your personal info, you have to agree to not sue them, if you find anything wrong! We use Identity Shield for credit alerts. Its well trusted and will help if anything happens.

I am not going to sign up and forego the right to sue. I feel that they owe us something for not informing us right away and for not protecting out data...

I called my credit card companies of which I have 2 , cancelled my cards and asked them to issue two new cards with different numbers. My old credit cards will be of no use to the hackers. Maybe I will put a freeze on my credit at the three credit bureaus. I will definitely not sign up for the FREE (ha ha) monitoring being sold by Equifax.

This breach to a "bonafide" credit reporting agency, whose leadership by the way managed to unload over 2 million shares before this breach was disclosed, leaves us wondering if this agency cannot protect our private information, who can? What a joke of a company.

Because there was a breach...Because the ones who cashed in their stock...Because you can't trust Equifax or any other credit reporting agency...Because there was a delay informing the public of the breach..... My question is the hackers have our information and for all we know are still infiltrating Equifax system....What is the reasoning behind another delayed ploy by Equifax? They are supplying the hackers the exact date to steal information as it is entered on the world wide web. That's like our government telling North Korea that on so and so date we are going to bomb you off the face of the Earth. I want the address of all credit reporting agencies (not P. O. Boxes) so an organized protest can be conducted against these bottom feeders. In America we have a right to be informed of a breach immediately. Class Action attorneys need to step up and speak for the American citizens. As long as nothing is done, this type of criminal behavior will only get worse.

I was initially suspicious of the whole thing at first, being a victim of identity fraud and phone scammers. When I saw that this hack was legit, I didn't get scared and here's why: 1. I have Life Lock 2. I'm on my 2nd 90-day fraud alert with all of the credit bureaus. I highly suggest doing that. Hackers and scammers may try using my info, but I will be informed - and they WILL be blocked. Unfortunately, this is the world we live in now. Protect yourselves.

That's how the honest citizen is rewarded: taxed, cheated and stolen from. I wonder if those with horrible credit were "compromised" or was it just those who follow the rules of the system. I assume they had a plan to protect our information. Yup, and a famous idiot once noted, everyone has a "plan" until punched in the face! So, in the spirit of charity, thanks for the punch in the face.

I've been a victim of "attempted" identity fraud - my info is on the dark web (as are MILLIONS of people's info). When I checked my credit report and saw that there was an inquiry from Chase Bank - I knew something was amiss. When it was confirmed - I disputed it and had Transunion place a 90-day fraud alert on my info. I also signed up with Life Lock. This is the world we live in today, folks. There is no privacy - but I will guarantee you that I will continue to place 90-day alerts across all the bureaus (doing it on one bureau takes care of them all), and pay Life Lock for the duration. So far, so good. I recommend taking these steps to make it difficult for the crooks. You will be notified of all suspicious activity, and ask to confirm or deny whether it was your transaction. I sleep well at night these days.

I went to https://www.equifaxsecurity2017.com and entered my credentials. They believe that my data was breached. However, when I entered Test / 123456 & Abcdef / 123789, it said the same thing. I think these people are trying to get everyone enrolled in their program so that they can make money in the future.

It's insane that they keep our sensitive information without encryption! Equifax knew all along that they, Experian and TransUnion are prime targets of hackers. They are making billions each year but do not care to protect our information with basic security!!

Careful what you do on their website.
Customer Reports noted that signing up for what Equifax is suggesting may prevent you from suing Equifax if you have been harmed. Three top officials of Equifax dumped company stock before announcing the breach to the public; so it seems they may be party to this con. Thanks to the air-heads now in government -of both parties but mostly the republicans it's open season screwing the people.

Where is the "Potential Impact" tab?

The government fines health care providers if they breach HIPAA rules. Why doesn't the government do the same for offenses by the three credit bureaus?

I'm simply exhausted with liability assigned to the victim. It helps only way to truly protect ones self is to not have debit or credit cards, no bills, never write a check (they store this info to), or participate in online bill payments or purchases. Geez guess that covers living.

I'm also sick and tired of companies and individuals overusing the words "TRUST or "TRUSTED". I have tell you those two words used in a advertisement or any documentation tell me to run very fast in the opposite direction. TRUST is not something to be bought and sold... IT IS EARNED THRU PERFORMANCE. So please stop trying to make me feel comfortable with what you're doing by using words to convey what your performance is not able to demonstrate. It's not working.

This is all irrelevant. 134 million social security numbers WITH names and addresses were stolen. I'm pretty sure that includes EVERYONE in the U.S. who has a credit report. Don't bother checking that site to see if you're on it because you definitely are. As of today creditors can no longer use social security numbers as verification during a loan process. Those days are over. A new day where some other additional forms of verification will begin. It will probably involve things like in person appearance showing ID, proof that you live at your address, and / or address verification where they physically mail you a letter with a code that you need to enter somewhere.

Absolutely agree. Hopefully the 'new day' comes soon.

Pages

Leave a Comment