You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




maybe this is all a business scam to eventually scare people into paying for theft protection

you left something out Rick ... 3 Equinox execs sold stock before the announcement was made to the public...Equifax claims these senior executives did not know there was a data breach...they may not have known, but the perception is really really really bad.

What a joke! Their system was hacked & the whole database was open for over a month & the senior execs didn't know. Give me a break>

Latest news says they were lobbying congress to get little or n to penalty for their lax service. That's why they didn't tell us right away -
The whole company should be shut down- and the top 3 guys who sold ahead of time- to jail for acting on insider information

So the big three execs sold their stock when the price was up and they didn't know about the breach yea right. No gone public about breach stock went down did they make a killing. Inside information if yiu ask me

The senior executives sold their stock three days before going public. If you believe that I have 100 million dollars in a foreign account that I'll split with you.

I'm with you. I never gave them permission to have my info. I've never even heard of Equifax, until now. How is this legal??

Sarah--any time you apply for a loan (car, house, etc), or a credit card or fill out an application to rent, etc, the bank, credit union, company, landlord etc checks your credit on at least 1, likely all 3 of the credit bureaus. Doesn't matter if you've heard of them or not. When you apply for any of the above, you agree to have your credit checked (if you don't agree to that you don't get the loan/apt. house...) and what that means is all of the info you provide for the application goes into the 3 credit bureau's database. It's all quite legal.

I did agree to have my credit checked, I DID NOT agree to allow Equifax to collect my data. Should I be allowed to opt out of participating with specific credit companies (Equifax in this situation) that have demonstrated incompetence in protecting critical confidential financial information?

This was set up to happen decades ago. They were collecting this information well before the Internet was a thing. They just did a very poor job of planning for such a problem. Plus Republicans wanted to soften the regulations allowing it to be easier to be hacked.

when did this become political??

Proof, please. TIA.

I've been asking the same question for 20 years.

When you apply for credit of any kind your information is cleared through Equifax (or the other two major companies, Experian or Transunion). You give that permission tacitly as a condition of applying for the credit.

Even better, Rick, they not only got our info, they are SELLING it to companies who request a credit report on us. What right do they have to own our personal information? I don't remember signing away any rights to my own information.

Even worse I think :( Don't they also sell it to marketers? Cannot say for sure but that's what I've heard.

Every Company is doing it. Republican Congress just gave permission to the big Corps: Verizon, Comcast, AT&T, etc. That they can gather your information & sell it without any benefit to us. Poor babies don't make enough money. This just further erodes our Privacy. We all are just a commodity. Take the time to call or write your Representatives & complain. We are not a commodity.

I agree completely!

Rick, You are exactly right. It make us wonder if they purposely instigated the breach so half of the Americans will sign up their monitoring service and keep paying them for the rest of our lives. All the credit unions collect our private data and sell them everywhere. Now, they also want our hard earned money in the disguise of monitoring/protecting our credit.

'All the credit unions' -- don't get credit unions mixed up with credit bureaus. Credit unions are more like banks and don't monitor credit like the Equifax and Experian.

They have broken into my accounts .Tammie meant on September 13, 2017."All the credit bureaus collect our private data and sell them everywhere. Now, they also want our hard earned money in the disguise of monitoring/protecting our credit." I think you summed it up well Tammie and in my knowledge this is called racketeering, offering those who pay safe harbor from their own harm. My Visa credit card information just got compromised by Equifax and someone has already used it online on September 14 charging on it $4,000 in one day for purchases on Amazon. Fortunately my credit card company is not charging us for these orders. We are paying for what we charged on it for this cycle but the $4,000 charge will still appear on it until the investigation is completed 6 weeks from now. I just spent 3 hours on the phone cancelling and renewing 6 credit cards. Next is calling Wells Fargo to register my voice imprint with them so no one can impersonate me on the phone now that they have my driver's license, social#, account numbers. Next is requesting a code # every time I go online into my accounts.

Spot on; well thoughts exactly!

Not only that, but TransUnion and Experian want us to pay to place a freeze. Why is Equifax not covering this freeze fee?

I read they charge also, but I went out to Transunion today and was able to do the credit freeze without having to pay anything.

Fees differ depending your state of residence.

That is correct here in Tennessee I had to pay $7.50 for a freeze with TransUnion and $7.50 for a freeze with Experian

Free in Maine

You may not have to pay to freeze your account, but you may have to PAY to UNFREEZE it. It is a very tricky, complicated, manipulated and unfair situation. I've just tried to call for all credit reports from 3 agencies at the same time on, they didn't work with the excuse of Equifax is being hacked. I hope we don't have to pay every agency to get a copy now. So screwed up!

When I called for a credit report from Equifax the recording said my score and credit report was being updated and I would receive it in 3-4 days. I thought that was odd since I had not previously asked for it.

Mavis, what do you mean you "went out to Transunion"? What did you have to do to not be charged the freezing fee?

Because acc to law they need to ask for charges wherein due to breach equifax has promised 2 year free monitoring

Yes, YES, YES! Someone else does see a problem here. Unfortunately no one involved with consumer protection sees it. I have been screaming about this for years. You have to pay THEM so you can monitor THEM to make sure THEY don't screw up your information. Isn't there a name for this that ends with the word fraud?

Racketeering is the term you are looking for.
Racketeering, often associated with organized crime, is the act of offering of a dishonest service (a "racket") to solve a problem that wouldn't otherwise exist without the enterprise offering the service. Racketeering as defined by the RICO act includes a list of 35 crimes.

the fox guarding the hen house...

While the whole thing is completely messed up - The credit monitoring that is being offered is free for a year.

And after dealing with a credit monitoring service for over a year (fraudulent activity since the middle of May - HMMM???), I can tell you it's just another form of incompetency being advertised as a cure all.

Why is it that when we are victimized that WE have to fix it....why can Equifax send US correspondence via the old fashioned way and let us know if we have been breached instead of US having to go to a website we already don't trust and why aren't they automatically monitoring for suspicious activity - there are programs that can flag ....The burden should be on Equifax, not us.

I agree!

I agree. I tried to activate the free service via the telephone only to find out it can't be done that way.

And now they want us to "trust" them and enter our SSN (most of it anyway) and last name on an "outside Domain" web page, to tell us if our SSN was compromised or not! Seriously???

Rick they get your personal data anytime you apply for credit, be it credit cards, car or home loans, and even medical bills that go to collection. I think they are all crooks. They "investigate" things you report as errors, but will never correct it.

You know. You are spot-on! And it's not like we asked to be a part of their corrupt casino Capitalism racket! I don't think Europeans even have to participate in a credit rating B. S. System. A real estate gent who sells property to Europeans told me that. This is a big racket to take advantage of American consumers. They must be held accountable and our politicians need to hear from all of us! Thanks

Yes, I see a problem here. Ultimately, Equifax is try to sell you something.

Exactly... I concur!!

Where does it say ' You no longer give up your right to sue if you sign up for the free monitoring service' Where on ABC's site? I didnt find anything. Where is the actual link?

I read that at this time of signing up we still have the right to sue. But they also say Equifax can take that right and change it at a later time.

More fake news...look out for that

2) No Waiver Of Rights For This Cyber Security Incident
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

Gabriel Guess you could say 09/23/2017 End of ? AMEN

According to the NYT and elsewhere, that language may not be "controlling," meaning, you may be giving up your rights nonetheless. Beware.


Leave a Comment