You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

typical American answer, corporate people sell their stock first and then tell your customer....you losers

Spent 30 minutes on the phone with the company and got absolutely nowhere. Followed website instructions to lead one to a black hole. REDICULOIS!!!

Equifax has its systems hacked and now they want us to input SIX digits of our SSNs to find out if we're affected??? This is unconscionable! AARP warns to NEVER give out the last four digits (never mind six) of SSNs to other than your employer, banks, and the IRS. Come on, FTC, we need your help here!!

How about a Congressional hearing from our elected representatives to ask for justice from the company with everyone's information?

This is a joke. Every made name and made up number I put in told me I had been hacked.

It looks like Equifax is just trying to sell services. They are profiting from this.

These comments are expressing the frustrations of the new cyber world we live in. My visit to the site says my info was hacked. I would like to know if there is an enforceable way to remove whatever info is on their servers. I am asking this to know if I can be protected from these incidents that are caused by data mining activities at these large companies which I do not subscribe to. I thank you for assistance.

Was my identity stolen

The hackers have 5 to 6 days to hack you more once you start the security breach process on the web site. How did some people find out they were hacked already?? I have to wait the days...agree now the hackers have more information from applying. By the way, I tried 10 different words for password and they all were taken, then gave up.

Our local news reported that if you sign up for the 'free monitoring' Equifax has a clause buried in the fine print that using the 'free monitoring' you have agreed to give up your rights to participate in a class action lawsuit or any other claim for damages. They protect themselves and leave consumers without recourse. That they are allowed to abuse the public and had been granted the right to gather sensitive information without the consent of nor knowledge of the consumer is outrageous. They are allowed to report false information and the consumer has to initiate a dispute and complete a tedious process to have information that should never have been in their file in the first place. They continue to profit from a business model that is abusive to consumers. Recourse from the abuse is time consuming anddifficult

we need to be able to opt out of even being on their service they are a for profit company using us to make money. why do we have to be part of something we do not want to be why ARE they able to keep a file of our personal data with out our permission. they do not give a shit about our files just that they can make money off us with their metod of trying to control your finances for profit. we need congress to stop involintary being added to a company who has nothing to do with our true lives. we should be able to opt out and not be part of their files. our choice not theirs.

This really makes me mad! Equifax you should protect all of us way longer than just 1 year!! if your company makes 1 penny from the 1 yr. protection I feel that the millions effected will sue the hell out of you!!!

Why would anyone in their right mind want sign up with Eqifax to protect them from identity theft when they are the ones who caused the problem to begin with, that would be rewarding them. Why give them more personal information when they can't protect what they've already been intrusted with. They are making millions from their mistake.

THIS IS A LIFELONG/LIFETIME PROBLEM!!!!

One year of credit monitoring or ID protection is not going to be enough.

We "consumers" will need to be hyper-vigilant in monitoring all of our accounts and credit bureaus. Meaning that every month every account and every credit bureau will need to be checked very thoroughly in order to detect any fraud. Not to mention how much time, energy and emotional distress that is involved if a person detects any fraud.

Sadly, one year of credit monitoring and one free credit report per year is not enough.

THIS WILL BE A LIFELONG/LIFETIME PROBLEM!!!!!!

I heard that signing up for the credit monitoring they offer, because of their incompetence, means you are waiving your rights to join a class action lawsuit that will, in my mind, absolutely be something that's going to happen.

When is the FTC going to start holding these credit reporting companies legally responsible for their lack of security? I didn't exactly have a choice in doing business with them. I don't have $240 a year to buy a service I might need for 10+ years because of someone else's irresponsibility. Do something useful already and protect us from these predictors.

Corrupt and rich Republicans are to blame. They will protect Equifax at all costs.

Trump and his republican cronies will protect Equifax.

Report out now that Equifax Execs sold off stocks in the time between the breech and the disclosure...If...and I do mean IF that's true...they should be criminally liable.

First, with 3 credit reporting companies in operation, we should have a choice in who we want to handle our business. Give us at least one OPT OUT. They take it upon themselves to collect our information and we have no say in it. Not right.

Second, when a mistrust like this happens, they party who lost our data offers an independent monitoring service. When Target got hacked, they paid for a year of monitoring; when the VA lost a laptop and account were compromised, they paid for a year of monitoring service. The list go's on and on. But every one pays for an independent service. Can you imagine if Target had said, "oh, we have this new service and we're going to make you use it." Not! So, why is it OK for this company to get away with it? Where is the oversight on this most egregious of mishandling of our info? The FTC should tell Equifax to pay for an independent monitoring service.

In addition, our Attoney's General, from every state should be protecting us citizens, from this criminal event... they withheld reporting their breech, while somehow managing to secretly sell off their stocks - right under the noses of the FTC. Don't they monitor unusual sell off activity? Shame on you.

If they say they are too big to fail, I'm going to scream! This company should be held to the highest of standards, they hold our financial life in their hands... they pass judgment on our ability to do everything, their hands need to be squeaky clean. And with this being their 3rd strike in the recent past, that does't seem to be the case.

Lock them up!

Please exert your authority as a regulatory agency and immediately do the following:
1. Declare Equifax's offer of 1 yr. monitoring COMPLETELY INADEQUATE-the crooks holding the info of 2/3 of Americans with credit reports will be patient. Think years and decades.

2. Urge every citizen to freeze their credit reports at all 3 bureaus.

3. Decree that all freezes and thaws at all bureaus be completely free for everyone in all states forevermore. (Let the unbreached bureaus sue Equifax if they feel that an important revenue stream of theirs has dried up.)

Anything less is a complete failure of your duty to us.

Equifax should not have their database connected to the internet. Sure, it would slow things down for them to provide information to their customers, but we wouldn't have the problem of half the population's data being stolen. I hate Equifax.

Those executives that sold off their shares of Equifax stock, should immediately have their bank accounts FROZEN!!!!! By selling their shares, they drove down the value of the stock that all other equifax stockholders own. I believe that is referred to as 'insider trading'. Which is of course illegal!!! But as like all these people with money, they'll get off!!!

I agree totally with all the outrage expressed here. FTC should be suing Equifax!

I'm very surprised that the FTC is giving out a link for Equifax, the very same company that has caused this mess, that by enrolling in the program nullifies your rights to sue Equifax. FTC - you should really be giving consumers a warning to NOT use the Equifax link. Experience, TransUnion or anyone but Equifax is who you should be promoting.
Also, just so anyone who reads this comments knows, Equifax outsources the majority if it's customer service to call centers in India...whoever thinks this is a great idea please raise your hand.

Signing up for the free year of credit monitoring by Equifax's own service (do you trust them?!) will require you to agree to arbitration instead of the right to sue Equifax in the future. They should provide third party monitoring for at least 10 years.
THIS is why we need strong federal enforcement and regulation; Equifax will not protect us unless forced to.

Equifax requires you to waive right to sue in exchanging for a measly one year of credit monitoring. New York AG demanding they remove this ridiculous condition, as it is unenforceable. Equifax needs to be held accountable for their utterly insufficient and self-serving response.

This is ridiculous...the credit reporting agencies, specifically Equifax, should be waiving the credit freeze fee. What is FTC and the CPB purpose if it won't force these baboons into waiving the credit freeze fees? This incident allows Equifax to make tons of money off of fees: Estimated 143million people affected, at $10 per person for Equifax credit freeze fee, means Equifax stands to gain $1.43billion. Transunion and Experian will also stand to make $1.43billion each just off of Equifax's lax cyber security.

sign up for monitoring with AUTO renewal ... WHAT
ACTUAL "PRODUCTIVE" COMPANY CAN TRY TO TAKE ADVANTAGE AND TRY TO MAKE EVEN MORE $$$$$$$ OFF THEIR TOTAL AND COMPLETE INCOMPETENCY,EXECS WHO KNEW OF ISSUE AND PROFITED FROM IT .... TAKATA COULDNT!!

I would like someone other than Equifax to be providing my free credit monitoring for the year. Why are they allowed to monitor their own leak?

It is recommended that one puts security freezes at the top 3 credit reporting agencies. However, there are many many others. Are we supposed to find them all and pay each one to freeze our credit reports?

It is recommended that we freeze our credit reports at the top three credit reporting agencies. However, there are many other smaller and lesser known agencies. Are we supposed to find and pay for freezing credit reports at an infinite number? This is beside the fact that we have no control over who collects our credit information and therefore have no control over it. Seems pretty backwards from a consumer point of view. Anyone know what is recommended for all the smaller credit reporting companies?

In July somebody tried to open a account at Charles Schwab Bank using my info. They had my name, SS# and a old address I lived at. Some how Charles Schwab Bank knew it was not me trying to open the account and did not open the account but it shows up in my credit report as a hard inquiry . Now I know how they might have got my info

Oh! By the way peoples! FTC is reviewing any comments you'd like to share here, before posting them.
So rest assured that any information or ideas that you'd like to share with your fellow citizens, which bears any teeth, and might possibly help citizens to organize, will be omitted from viewing.

This what happens when 3 companies get to big,and monopolize the industry.They should be disbanded and have each state set up office for each state citizen,We would have a major mess like this one,Also they work for banks not for,their rules and policies and outdated.When they can punish you for 7-10 for so minor late payments,Its time to have changes,,

Folks! FTC is censoring this blog! Please post any alternative blogs where we might all be able to have a fair opportunity to organize and share ideas, suggestions, etc.

Also, call your credit card companies and ask for new credit cards and numbers.

Equifax needs a new CISO, CIO and CEO...this should have never happened...to this scope. The execs who unloaded stock before public disclosure of the incident...I hope that is fake news.

Allow our info data to be hacked, let executives profit in the stock market, then charge us $10.00 and a full disclosure of all our personal information to freeze our account. You are using your own ineptitude to make a fortune. Thieves. Any honest government would pull your license

Wouldn't it have been nice if the hackers removed negative content from our credit report as opposed to stealing the info they did.

THIS IS SO MUCH BALONEY! VERY FISHY AT THE LEAST.... EXECS SELLING STOCK?? NO NOTIFICATION FOR HOW LONG???? EQUIFAX SHOULD BE GIVING ALL OF US FREE SERVICE, FREE MONITORING, FREE EVERYTHING....
NONE OF THIS WAS "OUR FAULT" - THIS WHOLE MESS IS THEIR FAULT!!!
IS THERE A PENALTY THAT WOULD BE "STRONG" ENUF TO REALLY REALLY PENALIZE THEM FOR PUTTING ALL OF US AT RISK???? PRAYING THAT THE FEDS, FBI, FTC AND ANY INVESTIGATIVE GROUP IS ON THIS WITH FULL FORCE..... THIS IS ABSOLUTELY SICKENING.....

Disgusted and mad as hell about Equifax and their lack of controls. We are captive to these companies who serve the banks and not the consumer. It's time for the CFPB to shake things up.

The US Govt. FTC is advocating EVERYONE to sign up for Equifax's "TrustedID Premier" credit monitoring program. While this is free for ONE YEAR, you have to ENTER YOUR CREDIT CARD information, which WILL BE AUTOMATICALLY BILLED after the one year is up. If you dispute a charge with Equifax, doesn't your CREDIT SCORE automatically GO DOWN? And why would anyone TRUST EQUIFAX WHEN 209,000 CUSTOMER'S CREDIT CARD NUMBERS WERE JUST STOLEN?

It seems the US Govt FTC "ANTI-FRAUD" SITE JUST MADE ITSELF A LIABLE IN ANY FRAUD LAWSUIT BY ADVOCATING THAT *EVERYONE* SIGN UP FOR THIS SERVICE!

Govt. lawyers and NY State Attorney General Schneiderman, are you listening?

A EQUIFAX Credit Score is now needed to sign up for government services like my.socialsecurity.gov and even to rent and apartment or get a job, not just to buy a house.

The *FTC* needs to shut down Equifax ASAP and take over FREE credit monitoring itself!

Don't you find it a bit odd that a company who's been hacked and took 6 weeks to tell anyone, is now asking for the last 5 numbers (instead of the typical 4)? How can anyone feel safe giving Equifax more personal data when they remain unresolved of this hack. Just appears to be a way to avoid class action suits.
I'd be careful about giving Equifax additional information, until they resolve this 100%.

So, Equifax FINALLY tells us, months after the fact...AND they tell us when the news and people are focused on the natural disasters in Texas, Oregon, the Caribbean and Florida. Nice tactic, Equifax.....Such shenanigans...

Hey FTC this is the discription of your purpose in life. The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace. DO YOUR JOB!!!!

pretty interesting this becomes public only after one major hurricane and just before another. equifax hoping to have this get buried in the headlines? hmm...

Will the US Government now PROVIDE 143,000,000 CITIZENS WITH NEW SOCIAL SECURITY NUMBERS?

What about FREE NATIONAL BIOMETRIC IDENTIFICATION for all financial transactions, instead of a number?

How is it possible that anyone can "steal my identity", when we need a Social Security photograph (a form of biometric identification) to just be hired for a job under the E-Verify UCIS? Why not for getting a tax refund, opening a bank account, or even withdrawals and purchases?

We citizens have a RIGHT NOT THE SECURITY OF OUR IDENTITIES PROVIDED BY THE US GOVERMENT.

The US Government must put an end to the threat of Identity Theft!

(For those that want to "opt out", there's a simple solution: Pay cash for everything, don't drive, don't work, don't get tax refunds, and live in a cabin in the woods. It's your "right" to do that, too.)

With respect to your advice: "Respond right away to letters from the IRS," this is good advice.

However, people should remember not respond to emails or phone calls from people claiming to be from the IRS. I have reported such common scams to the IRS before and have been assured by the IRS that they do not send emails or make phone calls asking for confidential information.

There needs to be a way go after Equifax for not telling consumers in July. Now I am one of those people whose information is exposed and supposed to take it ok. This is messed up

Pages

Leave a Comment