You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




With respect to your advice: "Respond right away to letters from the IRS," this is good advice.

However, people should remember not respond to emails or phone calls from people claiming to be from the IRS. I have reported such common scams to the IRS before and have been assured by the IRS that they do not send emails or make phone calls asking for confidential information.

There needs to be a way go after Equifax for not telling consumers in July. Now I am one of those people whose information is exposed and supposed to take it ok. This is messed up

It's a sham. The "Potential Impact" tab does not work. Go ahead, put in any number you like, including 111111 and 999999, it will still tell you that you've been impacted. Considering that the pop-up is near instantaneous, I can guarantee you that a database query is not being performed on 143 million rows of data. Way to go Equifax. Thanks for nothing. You guys truly stink.

The link does not even let me use it, it says its insecure and that people might be stealing my information, worthless. Visit Equifax’s website,

FTC - This is not enough to fix this situation. The American people demand that Equifax be held accountable and financially and criminally punished for gross negligence and insider trading.

Equifax has been running a commercial offering a free scan to determine if your personal data is on the dark web. The commercial began a few weeks ago, prior to the breach announcement. Interesting timing.

Plz..EQUIFAX is husband put a "freeze" on his credit in 1995....since then the person that stole his identity has purchased 3 THREE apartments..CRUISES..even got his income tax returns for the years of 2001-2004...and have not to this day stopped...all courtesy of EQUIFAXs "freeze" on his account. He cant even open a checking account without someone snatching the funds to pay for this persons use of his identity..he was stopped for a minor traffic violation and almost went to jail until the officer looked at his license and realized he was not the person in his data base. My husbands identity is ruined because of EQUIFAX NOT doing what they were supposed to. Believe them at your own risk. Get yourself some real credit monitoring and block your credit with the other credit reporting agencies. We recently tested to see if they had at least tried to "freeze" his credit account and he was successfully able, without authorization, allowed to purchase a CAR!!! beware, beware, they will not follow through or block or freeze ANYTHING.

They expose everyone's data to theft by hackers and then they give everyone a "free" one year subscription to their protection plan—after which you have to pay for it. (And by signing up for for it you waive any legal protection you have.) And everyone now has to do the same thing with all the other credit bureaus if they want top protect their credit. This is like a mafia shakedown. They create the problem through careless business practices and then charge us money to solve the problem THEY caused. If this injustice is allowed to stand it will be a profit making opportunity for all the credit bureaus—and a new element in their "business plan".

Do not enter any information The site provides answers for imaginary names and SSN (that there is no evidence that there was any impact and then a shameless marketing campgign that you could enroll for trusted id premier, as if someone would somehow now trust equifax with any more information).

Since credit reporting agencies don't receive your login name and account password from your financial institutions, changing your account passwords does nothing to protect you from an Equifax personal data breach.
Why misdirect people into changing their passwords as a false confidence toward taking action to protect themselves in this particular situation?
Your online financial account access is actually more secure than the fraud exploitation potential (that now exists after this breach) this has toward a criminal making direct contact to your financial institution either over the phone or in person. ie. Hi, my name is so and so, but I don't have my account number handy, so could you verify my account access using my SSN and DOB?
The only protection a person could employ at this point is to have a run on the banks to withdrawal accounts and from now on keep your savings and retirement funds anywhere other than at a financial institution. ie. safety deposit box, house safe, under the bed mattress, convert it to gold.
But the FTC will never make a suggestion to have a run on the banks, this would go against the wishes of the FED and the entire financial industry.

Equifax is due for a very-very large lawsuit and ensuing bankruptcy.

Equifax only allow you to freeze your credit file if you sign up for one of their "products", which range in cost from $20-30 per month.

Equifax should provide the ability for consumers to lock their credit files FOR FREE - they have committed a major breach of public trust and their duty of care in protecting personal data.

I noticed in the Terms of use box at the bottom of the Equifax Security Freeze Webpage the following: "...AND AGREE TO THE FOLLOWING TERMS OF USE AS WELL AS THE GENERAL TERMS OF USE FOUND AT THE LINK AT THE BOTTOM OF THE PAGE..." Item 4. of the general terms is an agreement to resolve all disputes by binding individual arbitration. There is an opt out option. The opt out request must be submitted in writing within 30 days of use. Does this make sense? You can't even put a security freeze on your credit file without being bound to arbitration?

Sorry, but everyone should have automatically been signed up for credit monitoring and given the option to opt out if they want. There will be many fake websites saying they are legit getting more information from people.

Rest assured that the FTC and all responsible government authorities will do everything to protect the wishes of all who possess incomes exceeding 7 figures and/or $100 million of net worth!!!

Be wary of the free year of monitoring. You have to agree to arbitration in the event your identity is compromised. And can't add your name to any class action lawsuit.

This is a crock of crap, I entered a fake name and fake 6 digit number, multiple times, and the message still said that my information was thought to be compromised. The hoax isn't that Equifax got hacked, the hoax is when you check to see if it was you. They are running a big scam on that end. They want you to enroll in a year free monitoring. Why would I do that if they screwed up the first time.

Can I get a new SSN?

I never asked equifax to store my personal info or gave them permission to have said data. Now we all get to sit around wondering if we are victims? There should be a database searchable via the last 4 ssn # and something like year born to instantly see if your info was stolen. My thoughts are that equifax has no idea of who was or was not affected?

I think it's time to consult with a personal atty as this could be huge especially if there is any truth to board members in the know selling off stock anytime after the "breach" but before coming out publicly and like others said we have our ssn till death (well unless your initials are B.O.) and if our info was leaked it will require lifelong monitoring/protection.

Although everyone is upset that it took weeks to make the announcement, it is the normal process, to provide the organization and authorities an opportunity to investigate to a thorough understanding of how much data and who was affected. So although it seems unfair it is normal practice in these incidents.

Here's a suggestion for the FTC: Fine Equifax an amount equal to the cost of protecting 143 million customers for life. Then use this pot of money to give all those affected by the breach real credit and identity protection forever.

Equifax, Transunion, and Experian are companies that make money out of our personal information -information we did not authorize them to use. This incident is forcing me to pay for services to protect information collected from me and sold without my permission. How is this different from blackmail? This should be a federal crime, and should be prosecuted as such.

If they got our social security numbers, our names, addresses, the damage cannot be fixed. These hackers especially over in India have already a large data base that contains information on most of us in the US. I am a victim of this abuse and they compromised my computer. They have tried to get into my internet provider info and paypal account. I no longer will do online banking.

It is not a free monitoring service you have to give a credit card to sign up. FTC needs to step up.

If I checked the potential impact, but did not sign up, can I still be a part of the class action suit?

I just tried the Equifax website to see if my data was affected. The response after entering the requested data was a message about potentially being affected and to please enroll in their credit monitoring service. I then tried my wife's information. Same response. I then made up a name and last 6. Same response. I think the query set up by equifax is bogus and they have no way to confirm - they just shoot the automatic message. Please someone else try. Not helpful!

Where can I find the police, FBI, FTC, or other report filed by Equifax.

It looks like we'll need this when setting up credit freezes with the Equifax and the other credit reporting companies to avoid paying the fees. It would be ridiculous for consumers to have to pay money for an industry caused problem,

Where can I find the police, FBI, FTC, or other report filed by Equifax.

It looks like we'll need this when setting up credit freezes with the Equifax and the other credit reporting companies to avoid paying the fees. It would be ridiculous for consumers to have to pay money for an industry caused problem,

Watch out. Getting some help from Equifax may limit your ability to recover damages. It may limit your relief to whatever their mediation decides and you may not be able to take Equifax to court to recover damages caused by their breach.

It's high time for government to stop assigning number to my life and use biometrics.

In summary,
-Equifax did not notify consumers timely of breach.
-Executive officers sold stock prior to notification.
-Equifax offered so-called credit monitoring, free for one year, with automatic renewal for a fee.
-Equifax wants the last SIX digits of SSN. Then, ID thieves will only need one's state of birth or residency to determine complete SSN.
-I joined class-action lawsuits years ago against retailers for data breaches. No communication thereafter.
Need better consumer education and protections from wrongdoers and these "steps to take to help protect yourself after a data breach" don't pass muster.

I had subscribed to their service and they are not providing a refund. How can I get that. FTC please do your job.

TrustedID site isn't taking applications. It keeps rolling back to the "getting started" page - even if you have selected "continue enrollment"


Complaining here is not enough. How about 143 million consumers whose identity may have been hacked will file formal complaints with the FTC, BBB and CFPB (Consumer Financial Protection Bureau. Easy to do online.

Consumers take ACTION now - write to and call the office of your US Representatives and Senators. Share your concern and disgust with the gross negligence of Equifax. One voice will not be heard, but 143 Million voices WILL be. Let's insure Equifax cannot impose one-sided conditions on victims. Prosecute the incompetent Equifax leaders who profited via insider-trading with full knowledge of a disastrous security breach. Join every class-action and other lawsuit possible against Equifax to provide a recovery funds pool. One voice will not be heard, but 143 Million voices WILL be.

The FTC must order these companies to make credit freezes FREE IMMEDIATELY. Anything less and you are a completely useless, toothless agency.

This is really scary stuff as my info was also effected by a federal data breach a year and a half ago. That free credit monitoring ended in this Summer. How am I suppose to keep my info secure? When there is someone out there who has all my personal data including my fingerprints? Would it be best to cancel/close out all credit cards and bank/savings accounts and open new ones? At a later date? What is the best option. I have heard that most accounts won't be accessed for several years, just when you start feeling safe.

UNbelievable. Credit "monitoring" and "freezing" just don't seem to be enough with the magnitude of information obtained in this breech. Why have the equipment to "monitor" a home invasion but, not have the tools (windows, doors, locks) to deter or prevent it?


You should pay billions for your idiotic dumb mistakes.

Hey FTC or @Trump or anybody out there in charge - when are you going to regulate these credit reporting agencies? They have consumer data, my data which i never asked them to keep and they sell it to companies and then sell me protection services for data i don't want them to have or store. This is an outrage. At this point, I would more trust the US Government to run the credit reporting bureaus. Maybe this needs to be taken over by the US Government?

The EQUIFAX SITE is a joke - Try entering any random name and 6 digits and it says you are hacked and then they give you a future date when you are to return to apply for your "FREE" monitoring which on day 366 they will sell to you for $14.95 per month. THIS is a joke!!! When is the US GOVERNMENT going to start to protect the people of the US from these extortionist CREDIT BUREAU REPORTING AGENCIES. They need to be shut down now! This is an outrage and the CFO sells all his shares before the breach goes public. Uh, has he been arrested and jailed yet? I think that's insider trading. Get on it @TheRealDonaldTrump

when you call they refer you to the web site to check

I've been signed up to Experian's ProtectMyID service for over a year. They still have yet to inform me of this data breach, which they caused. This is one of the worst data breaches in american history, to the point where this business should be defunct, and credit agencies like it should seriously be reconsidered for the 21st century.

In another turn of events, Equifax provides an incredibly unsafe security freeze pin (the PIN is the time you call for the credit freeze). If you go this route, don't mention this time publicly. This company must go.

I cannot change my DOB, I cannot change my SS number. I am forever hacked and 20 years from now they will still have my info. Thank you Equifax.

All the lost data was already lost during the Experian breach in 2014 which involved over 200 million records. The three bureaus have essentially the same people in their files. As for failure to bullet proof the db, this just proves that all the high and mighty cyber security companies selling their systems to companies like Equifax really haven't found a way to really firewall computer systems. Faulty softeware. Equifax, like everyone else who has been hacked, including the federal government, buys from these huckster software companies.

I believe that Equifax should monitor and repair all 143 million of us who got hacked until we die and our SSN is no longer valid. I also agree that Equifax should pay the cost for freezing our credit.

The racism in this film is beyond ridiculous. You're even depict folks who commit identity theft via massive data breaches as men of color preying on middle class white folks? As if folks of color don't also experience identity theft or have to get credit reports -- i.e. at every apartment rental, etc. You really think the folks doing this particular crime "fit the description" as well? Totally unacceptable, yet not surprising from our government.

The idea that a company with this level of sensitive information about so many people is not properly securing it is appalling. The FTC and federal government must hold this company and it's executives accountable, and I will be watching for this and voting accordingly. And those exec's that sold shares before the information was made public should be prosecuted for insider trading. So much about this is criminal.

FTC - there is no "Potential Impact" tab!!! Goodness.


Leave a Comment