You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

The site that Equifax set up for consumers to find out if their data was hacked -- which requires *giving your ID information to Equifax again* -- has many of the hallmarks of a crooked website -- including a BAD security certificate. OpenDNS flags it as dangerous.

The certificate on the Equifax web site above is invalid. How can I trust it?

consumer protection. MY FOOT. cancerous food ingredients, corrupt secret information holders. FTC IS WEAK to the dollar.

how about how equafax sold lots of shares b/f they told the public??????? i guess HR, they are reacting in a timly basis, for their bank accounts,

good thing im a little person, now i get to freeze my credit, and for the rest of my life monitor my credit.

thanks equafax and thanks ftc, both, for your "protection"

Got an elderly relative's Equifax file frozen with minimal hassle online----I hope. After entering the 6 digits, they said his wasn't part of the hack. Froze it anyway. Couldn't check his file for suspicious activity, because his "annual free credit report" is already used up. We checked it in April. I don't know if I believe any of the info from Equifax. And don't get me started about the other 2--TransUnion and Experian. They wanted a stack of personal i.d. documents sent to them before freezing the file! Couldn't access the file for them either; same thing --- already used up the annual free report! So to freeze all three files for this one 86 yr old loved one who will NEVER need to take out another loan or apply for a job, it's going to be HOURS and HOURS of work. Then we have to do the same thing for ourselves....It sure seems like the fix is in, folks. The American middle class is just a huge cash cow for every jet-setting grifter and con artist on the planet. If our leaders in Washington want to avoid pitchforks in the street they need to act fast.

The link to Equifax is blocked by my security software. The correct link is https://www.equifaxsecurity2017.com/ or https://www.equifaxsecurity2017.com/potential-impact/ is better.

It's time for the government to start cracking down on businesses that make money off of individuals information but fail to step forward when their actions compromise that individuals personal identity and assets. I just got off the phone with Equifax. They are nonresponsive and downright combative. Does the government have any control over these institutions? It's time that I need to sample be made so that these companies become more accountable for their actions. I'm fed up with this crap.

Dear Enabled FTC human:
Please create a secure resolution for all of us regular people. Also, enact / enforce legislation to prevent / punish this bad behavior.

I have looked at this page on a MAC and PC and don't see a potential impact tab...

Why is the FTC not fining Equifax?? Why did it take the FTC 6 weeks to notify consumers? This is BS and Rick Smith should be fired!!! Unacceptable!!

I will be suing in the small claims court and Demand life long credit and identity protection for my family members. See you in court.
Equifax's offer of one year protection is lame and their actions during his data breach probably will bring this company to bankrupcy.

I think equifax should provide free credit freeing and credit protection for all those affected by this hack. Their system was hacked they should have done a better job of protecting people and our info.WE NEED A NEW SYSTEM FOR CREDIT STOP USING PEOPLES SS# AND COME UP WITH A DIFFERENT WAY OF PROTECTING SS#

FTC, please respond. Going to the Check Potential Impact site requires entering the last six digits of your social security number and last name. When four digits is the more typical expectation, why six digits in this case? Providing more of our sensitive information on line in the case of a security breach feels unsettling.

It is shameful that the FTC is endorsing the Equifax website, which provided no useful information. It is time for the FTC to stop endorsing the Equifax response and start investigating why Equifax is not doing more.

Everybody here is a little crazy - We are victims of this but so is equifax !! they have very good cybersecurity but the hackers were better - why is the all about blaming the victim?? where is the outcry and outrage at those who committed the crime ? the DAMN hackers? Equifax may go bankrupt - their employees may all lose their jobs. This is tip of the cypercriminal iceberg. Time to go after the bad guys!

I heard about this breach just a few days ago on TV. I also learned it happened several month ago. Why weren't we notified then? This is like closing the gate after the cows got out. This is our personal info which was entrusted to them. They need to repair this now!

Consumers without a personal computer or smartphone can't find out if they are affected. You should have a right to know.

It just gets better and better! If you put in your name and six digits of your SS# once you click in you have WAIVED your right to sue Equifax!

links aren't working

Do we really need 3 different reporting bureaus? If Equifax failed as a result of this data breach, would Experian and Transunion implement more security measures to protect consumer data in the future?

I can't even get to the site to find if I am affected. Useless.

Equifax should be shut down and the executives sent to prison for a long time.

1) Unacceptable for Equifax to have a data breach this large for information so sensitive and then wait weeks to tell consumers!
2) Then they want you to go to another site to provide additional information where they sneakily waive your right to a class action lawsuit! This is disgusting Behavior!
3) And if that's not enough Executives that new about the data breach sold off bunch of stock. Again disgusting and complete lack of ethics!
4) At a minimum all Equifax consumers should have lifetime credit monitoring and protection. FTC make it happen!

"FREE" credit protection ??!! The credit monitoring service called Trusted ID will give you FREE protection for a ONE year trial period after which you WILL BE CHARGED if YOU don't call the company to cancel the subscription. DO NOT trust Trusted ID as there are more sneaky provisions and you WILL end up paying for them..... Who is to Trust a company called TRUSTED ID ??!! Not me!

Nice. They sold stocks previously to the hacking notice. If I still an apple in the grocery store i probably get a fine and time in jail. Way to go Equifax....impunity and the nerve to include a "do not sue me and I'll give you free monitoring for a year"...In other words, do no steal cheap....go for the big bucks and you'll be free to go!! Hackers must be laughing all the way to the bank!

I finally got the email to verify and activate account with trustid and it doesn't work, says nothing found. Beginning to think this is a hoax to get our info or something since nothing works

You should be informing consumers that if/when they sign up for the "free" TrustedID credit monitoring service, they are waiving their rights to sue Equifax either personally or as part of a class-action.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Nice, Equifax's http://www.equifaxsecurity2017.com/ is down. Go figure.

https://www.equifaxsecurity20017.com is coming back as having malware attached.

Due to the Equifax breach, all the info needed for identity theft has been exposed. And yet people must pay the credit bureaus for placing and/or removing a security freeze. The fees are state-by-state, but with this magnitude of breach, why can't the FTC force the credit bureaus to make the freeze free for everyone?

FTC needs to apply steps to help the consumer find out, through all of these agencies, if individual information has been compromised.At least allow individuals to check if their information was taken so we can be concerned. As it exists looks like we have to crawl over to the websites and access is compromising rights of eula to Equifax protection only?

the equifax site to find out if you were impacted only says you may be or not. This is a total fail of public trust. Add to that the total incompetence of the way it is being handled. And to all those who don't like regulations and vote for incompetent idiots thanks!. The federal government needs to shut this company down as they have totally failed to engage as a functioning business with the purpose of protecting our information. It is all about the money with all these companies. Selling and trading our personal private information while we get nothing. Everyone impacted should receive an incredible sum of money for their data immediately and this company then boarded up forever.

Count me in for the class action. What do I need to do?

I went to add a ecurity freeze to my wifes account and my account and they are wanting to charge $5 to do this. By placing a security freeze on your credit report for Equifax and their breach is only adding insult to injury. They are looking to make millions by ALSO charging everyone affected to place a $5 charge to do this. So if you have 143 million people times the $5 charge, you are looking at them making an additional $715 million dollars to place the freeze on your account. That is bull. They should be allowing everyone affected to place a freeze on their accounts free of charge, as well as enrolling in the protection they are offering everyone.

As one of the millions of Americans impacted by this breach, I would like to FTC take the following action
1. work with state governments or independently to remove all fees for credit freeze/ lifts which are being charged by credit reporting companies
2. mandate higher security (like 2 factor authentication) for these companies as they collect information without consumers acceptance
3. regulate/ require these credit reporting companies to provide an easy way allow users to completely remove their information (address, SSN, history etc.) from their systems. This is similar to Do-Not-Call list but applied to all credit reporting companies.

Good actions!

Where is the investigation of Equifax for terrible protection of personal sensitive financial files? After months of investigating Trump with no evidence, Equifax should be thoroughly investigated. Equifax should post a trillion dollar bond to repay any victims of Equifax now or in the future.

Equifax sucks. Period.

I didn't consent to Equifax having my data in the first place. This is a case of thieves stealing from bigger thieves.

Until we have legislative remedies to put companies like Equifax out of business, perhaps breaches like these are actually doing more to protect consumers than the FTC is?

Big ups to the attackers for making a lot of noise about this!

FTC PLEASE RESPOND! Does just checking to see if you have been impacted make you agree with the terms of use, whatever they are

You're asking about how the Equifax online system works. The FTC does not have that information.

The Equifax phone number provided on the FTC web site (1-888-766-0008) offers up a web site www.alerts.equifax.com which allows you to put a credit hold. However, that phone number doesn't match the phone number equifax provides and if you go to equifax.com there is no such link. Is that 888 number provided by FTC correct?? concerned I may have provided my information to a pshing web site.

Who gives these agencies authority to store people's information and give advise (credit score) on someone's worthiness for a giving back a loan?? These agencies should be dismantled and their loots shared among all the people whose information they have gathered including mine!

I went on the Annualcreditreport site offered by Equifax to find out if I was a part of this large group off Americans affected by the hack and since I was not on my personal computer but my cell phone, they said they could not give me the results after I submitted the information they needed. They said they would mail me my report??!!?? Did I just get scammed possibly twice? And since I requested the report from the given site, did I just waive my right to sue? I didnt sign up for any free year or anything, but I'm noticing ppl are saying that it automatically enters you into that.

Hard to believe, but consider that this is all perfectly legal. First, none of the supposed gate keepers at Equifax has any knowledge about a massive theft of sensitive consumer data from their systems affecting 143 million Americans for months. Next, Equifax Executives sell massive amounts of stock before making the public aware about a massive problem they knew about for months. The problem will haunt those affected indefinitely. Next, the company sneaks in some crafty language that waives your right to sue the company if you choose to sign up for recommended services since you are likely a victim of the massive data breach. Then, no doubt reluctantly, Equifax backs down on its no right to sue scheme. This monster has our most sensitive information and we can't get it back --- ever. This monster needs to be shut down right now!

I may have just gotten a free account freeze from Equifax by accident. I thought I entered my login and password correctly and kept retrying. After about five attempts, it wouldn't let me try anymore. Then I noticed I got an email with the following: From: Member. Benefits @equifax. com Subject: Equifax Personal Solutions Security Alert You are receiving this e-mail because you were unsuccessful in your recent attempt to login to your Equifax Personal Solutions account using your Secret Question. If you are not the person who tried to log in, please contact Equifax Customer Care immediately.

For your protection and security, your account has been locked. To unlock your account, please call Equifax Customer Care at 1-866-640-CARE (1-866-640-2273), 8:00am-3:00am ET, 7 days a week.

As always, thank you for your business. We look forward to assisting you. Your Equifax Customer Care Team So, all I gotta say is thanks for the free account freeze Equifax. Why in the world would I pay them for an account freeze or identity theft insurance when they caused the problem. This is such a fast way to freeze your file too!

I called Equifax and when they gave me a 10 digit pin number they spoke so rapidly I had real difficulty getting the pin number written down. I chose the repeat option and they said thank you and hung up. You need the pin to access your account. Catch 22.

I have been identified that Equifax says my DOB, SSN, drivers license, bank account, and credit card number have been compromised (nice word for the dark web has it). They offer 12 months free ID Theft services. They stand to make untold fortunes on ID theft services after this time. They should provide free ID Theft services to all those involved for the rest of our lives. Help us please make this right!

WHY would I sign up for credit monitoring with a company that provides credit monitoring and has just been breached and has taken its time to share such information? After a year of free coverage, Equifax will begin charging the very people it has made vulnerable when the affects of the breach can be far reaching than one year. A hacker maybe sitting on the information for several years waiting for the guards to let their guards down before using such information; then what? How will consumers be compensated 3-5 years from now if they are victims because of this breach? NOT ENOUGH IS BEING SAID; NOT ENOUGH IS BEING DONE; THERE DOES NOT SEEM TO BE ANY REPERCUSSIONS FOR EQUIFAX QUESTIONABLE ETHICS AND JUST NOT ENOUGH INFORMATION FOR CONSUMERS! The US is falling apart at the seams.

Equifax, how can you as a powerful agency have the audacity to ask compromised victims of your lax security to sign up for your monitoring service. How can YOU assure us that information will be safe? You should be allowing the public to sign up for a service outside of you like Experian or LifeLock, etc. You are endangering those that may or may not have been affected to a breech once again. That's like Target asking their customers to sign up for their credit monitoring. Would you do that?

Pages

Leave a Comment