The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.


That is not true.

and why would anybody want a company that has just (months ago) proven it can't look after peoples data, to then keep an eye on their security for a 2nd time?

They are probably the safest of the 3 now.

They've had at least three major breaches within the last 10 years... what makes you think they're suddenly safer?

Wow I wasn't aware of other breaches before. And I've been disputing information that's on my report that doesn't belong to me and they have the nerve to give me a hard time knowing that people's information had been stolen. Where are the laws that protects us from them? They definitely aren't included in the FCRA!

I agree, they are very likely the safest now.. A data breach can happen to the best of them, even those crossing their T's and dotting their I's in regards to security.

Wrong. Don't give your information to a company a second time that just had a breach of millions of records. You think a company this big can plug holes that quickly and competently? Plus that site is not even on the domain.

Unfortunately that's not an option. Any credit lender, bank, utility company that pulls credit, also provides your information to the three credit bureaus. What sucks most about this breach is you don't have any control over them having your info. Unless you stash cash in your mattress and live under a rock, adulting requires you to have a credit report with them.

Well, they DO already have all of your personal information. So what's the harm in giving it to them again? That ship sailed already.

Exactly! I went back to sign up on the specified date and was asked for my full SS number along with other critical info. Why on Earth would I give them that after that they've done!!!!!!!

On their website it indicates that signing up does not bar legal action. That language was removed from the agreement for this incident only. I had read articles about that and hesitating signing up, but apparently consumer backlash forced removal of the arbitration language. Hope this helps


that's not true anymore - they changed it.

I was told the part saying you can't sue was taken out of the fine print when I called. But when I asked what do I do about the charges that already happened because of this breach I got I Dont Know!

I heard this on the news too

They changed that.

Don't enroll in Equifax. Why on earth would anyone enroll in their credit monitoring program when it was their data that was hacked in the first place. Pay for a reputable Identity Protection insurance service. That is the best way to add some protection. Don't trust the credit reporting agencies to protect your data.

Some lawyers have got them to change the wording so you can now. As soon an possible I will be joining a class action lawsuit ASAP. This was negligent and beyond irresponsible

So you can't sue them if you were impacted by the breach and subsequently had ID theft? Does this go into effect if you have them freeze your credit?

How many million could sue? Enjoy your $20 bucks!

I wouldn't register with them as they are offering the service free for year 1 and from year 2 onwards there is a monthly fee of $19.95 as per information I received. It is important that we know that if we take their free service, we wouldn't be able to join any Class Action suite against them. Also worth to note that the hackers may not use the data say on immediate basis with the intent that is a common perception.

I understand that they dropped the clause about waiving the right to future suits.

Correct. They dropped that clause and their website clarifies this now.

Took me awhile too. Interesting thing-I registered myself and then hours later did my husband. He was given a date two days before mine. Not sure how they come up with the date.

Am I In the Equifax Data Breach, plus date of enrollment

How do I get back to that page to enroll?

I am not seeing a date. Can you explain where to look for that? I am not seeing any change on the screen at all.

I signed in , was shown to be affected and continue to enroll. Was not given an enrollment date - just straight to sign up. Have they caught up enough to handle current traffic?

There's no date...just a white screen.

I ran into that as well. Not sure if it's timing but I switched from FF to Chrome and it worked.

Do you all really want liars to monitor your credit?

Has my account been hacked

Nothing happens for me when I enter last name & partial SS#, as well. Nothing else appears on that page.

I've been waiting a week for the promised email; not much confidence in Equifax...

I went through the whole process of signing up and it said I would get an email to complete the process. I just got an email today that made me go through the first process all over again. Now I'm afraid the 2nd time was a hacker. I don't know why I would have to enter everything all over again.

Did not receive an enrollment date which is supposed to arrive by email. Equifax says they're swamped and they have no idea when an enrollment date will be issued. According to Wendell, the email most likely will appear in your spam or junk folder.

By change do you know if you can enroll after the date they give you? I just tried to enroll and the instructions say that I will received an email from them. That has never happened and to contact someone is nearly impossible. Any suggestions?

Sam is correct. I have notified my credit union of this goof by Equifax.

You have to make sure all the required fields are filled out, and have a green checkmark, or it won't let you continue.

These sites always reject my email address. So tired of this I know my email address. They are asking for info then reject what you enter.

same thing here and all day unable to contnue

when you sign into Equifaxes website you are waiving your right to sue them in the event of a class action lawsuit against their disgusting gross negligence of IT Security.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Are answers on a FAQ website page sufficient to override a binding agreement, when that specifically states it constitutes the agreement in full?

First off, let's be clear ... the FTC and other agencies had a responsibility to insure that companies with access to our information were using due diligence in protecting that data. Equifax did not take such measures and their negligence led to this fiasco. FTC, long asleep on the issue of security, cannot wave their collective hands and say it was not in part their responsibility. But, they will do just that.

Secondly, this is beyond a yearly concern. This is your data, your personal data, and if a hacker has it then they will have it forever. There's a lot of heat now on this, but all the hacker has to do is wait a year and then start using and selling the information. You cannot change your information... name, social security information, birthday and so on.

Third, it is not only credit history that is imperiled. Your whole identity is up for grabs, including things such as medical ID fraud, tax fraud, and even someone becoming you by using your identity.

Fourth, Equifax is a fraud and here's why. Go to the site listed above and try to verify that your history has been affected. It might say that it "may" have been affected. The operative word is "may" Does that satisfy or were you expecting a direct, unequivocal yes or no answer. Now type in a last name, any last name will do, and any series of 6 numbers. Look at what they return ... the site might say that you may have been affected or it may say that you were not affected. Now remember, there is no such person as the one you just entered with the random numbers you chose. So, the information returned is bogus dross and tells you nothing including if the return generated from your valid information is correct. But, it just might drive you to panic and sign up with their wing-ding-bee’s knees credit protection scheme.

Lastly, Equifax has not stated what was released; if your information was released at all. To wit from their site, "The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." Again, please focus on the legalese and wishy-washy terminology. The operative word in the sentence is "primarily" which Easy Law defines in legal terms as, "In a primary manner; in the first place; in the first place; in the first intention; originally." Another words, it mostly is what follows, but the list of impacts shown might only be a partial listing. If the company was really serious about keeping you informed they would state, "The information released included ONLY the following ..." Period. Full stop! Not primarily!

Equifax will monetize this fiasco by getting folks on board their credit protection schemes and then, at the end of the year, will beseech them to continue for $xx.xx per month - because, of course, the threat is still out there. And, when millions out of justified fear sign up to pay then they will profit handsomely. Scam come to mind? What a game it is!

all very valid points, additionally I would imagine all three credit reporting companies have the same data AND with such a massive leak of information (70% of all american over 18 years of age) the other services may as well close shop, they were in control of protected information that is no longer protected...

very well put. Everyone's blood should be boiling about this, but the hurricane took this story off the front page much to Equifax's relief no doubt.

To put a credit freeze on, you must provide each of the three credit info aggregators, 5 -10 dollars each. Do the math, if only 2/3s of the effected class take this preventative measure, and I believe everyone should, then this represents a .5 - 1 billion dollar windfall for the credit agencies for fixing a problem their lack of due diligence created! You break my window. I pay you 10 dollars.

They should have put credit freezes on all accounts immediately on discovering the scope of the breach, themselves, for free and then compensated all people who were effected by such freezes for their troubles. They shouldn't be doing this now for a charge! Where's our lovely Congress and FTC? Busy gutting the CFPB no doubt.
Come on Republicans-you are our protectors! Step up!

The media should stop referring the people as "customers" of the credit agencies. We are not and most of us had our information collected unwillingly and without our permission, with no oversight and no discernible warrantees of its safety. This is what de-regulation of the private sector leads to.

Come on sheeple! Rise up!

Generally, not always, GOP cares about the "rights" of the wealthy & corporations, not anyone else.

Even so, if everyone who's upset about this hammered on their member of Congress (in the Senate and House) for the next 6 months, say one call or e-mail/week, invite friends and family to participate, use twitter, whatever other social media you use to keep talking about this issue) then there might be some action.

otherwise, as already said, it's just business as usual in the US. The FTC can't do anything if it has no legislation or regulations that AUTHORIZE to act. Same w/HIPAA, the legislation itself contains almost no penalties for violating HIPAA. Unless a state has statutes regarding monetary or other penalities for violating privacy, or disclosure of confidential documents/information that includes health care providers, there is nothing in place. For example, there is NO federal legislation that enables an individual to sue any entity that does what Equifax, and Anthem, and TJ Maxx, and and and have done AND that if the individual proves he/she suffered losses/injuries, etc. requires the corporation or other entity to PAY that individual's attorney fees and costs. Also known as a fee-shifting provision. That would make it possible for many people who cannot afford to sue, to do so, if they suffered a loss due to identity theft, etc. That would be one way to "enforce" privacy legislation or laws.
Instead, there is no agency that can actually impose hefty fines, etc. I think some of the state AG's offices may end up suing, i.e,. class actions. That takes a long time, the usual result seems to be a money settlement with the corporation admitting no wrongdoing. And no requirement that the corporation undergo inspection (i.e., hackers trying to hack into their system) to demonstrate that the corporation or other entity has improved its security.

But nothing to stop people from telling their Congresspeople, over and over and over and over again, demonstrating, etc. that that's the kind of legislation they want. And campaigning against their Congressperson at the next election for NOT doing it, since few will.

"Come on Republicans-you are our protectors! "

LOL. Republican lawmakers only care about their own bank accounts. If you want regulation or oversight Democrats are your friends.

Should read "lawmakers only care about their own bank accounts", but nice try.


Leave a Comment

Comment Policy