The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

We did not go with the free monitoring service. First and foremost because you then automatically sign a waiver that you will not be able to join an eventual class action. Second because of the automatic renewal clause. We joined an independent service, paid, but a good one. Rather be doing that!

Not only did the trusted source of consumers private data fail us all. Consumers were not notified until AFTER Equifax leadership had the ability to sell their shares of stock!?? I understand the delay in announcing was likely due to investigating the breach, but to allow Equifax major stockholders to sell their shares PRIOR to disclosure of the breach to consumers is CRIMINAL. Furthermore, "Terms and Conditions" should not protect Equifax from civil penalties. The damages resulting from these breaches is beyond repair. Equifax should be held accountable, starting first with shutting them down, then liquidating their earnings to attempt to clean-up their mess. Unacceptable, Equifax!

Will Equifax be required to notify those who were compromised as a result of this security breach? If yes, then why are any being asked to divulge sensitive information on a site sharing or collecting information from a company known to have been breached?

If hackers have your SSN, name, credit card information... what would prevent them from signing for credit alerts, TrustedID Premier service on your behalf locking you out?

I just received information with an update from Equifax saying that if you enrolled in the TrustedId you will not automatically be charged after the first year.....for one thing they didn't require any credit card info. You also will be allowed to take legal action if it comes to that. You can find this info on their website.

Did my information get stolen?

Equifax is a joke!! In May, they didn't have good enough security and allowed hackers to access our most important financial security information (1/2 of the US population). Then the CO's of the company dump their stock in Equifax and cook up a way to put a bandaid on the situation of credit monitoring for free for may be a year.
When you call their "hotline", they have No addition information, such as what information of yours was actually accessed.
So I can only assume the worst, they accessed all of my information, my SSN, my DOB, my DL#, what creditors I have, what loans I love ever gotten, and where I've lived my entire life, and my security questions which allow full financial access. Every piece of identifying Information that makes me, ME in the financial world. The information is out there and it could be years before someone tries to commit identity theft. If they were smart, which these hackers I'm sure were, they would hold onto it for over a year when no one has free credit monitoring and then start selling it to the highest bidders to commit Identity theft and credit fraud.

The real solution would be for Equifax to pay the government the billions of dollars it would take to issue everyone affected new SSN's with a new 12 or 14 digit number and then go out of business forever and let better companies who have ethics's take their place.

Trans Union has closed its website to efforts to freeze credit. I succeeded with both Experian and Equifax. But I've been trying for 2 days to reach Trans Union, first receiving feedback on Sunday that my account was "temporarily suspended" whatever that means? The effect was I could not request a freeze because my account was "suspended," then on Monday (Today) the freeze site for TransUnion is "unavailable, sorry for the inconvenience." Via phone I determined my only option is to WRITE a letter to Chester, Pennsylvania, containing both my FULL social security number and a credit card number WITH security CODE, then wait another five (5) days for processing. This whole mess is revealing of unprofessional and dangerous handling of confidential data.

I had to talk to someone in India to get a freeze placed on my credit report for Transunion!

How do I prevent Equifax from collecting my personal data? Who gave them the authority to do that? I do not want to give them my personal data to get the TrustedID. What I want is to delete my data from Equifax and block them from collecting my data in the future.

Would using LifeLock or something similar be better?

Why do I -- along with 140,000,000 other Americans -- have to pay for the loss of my private information by a corporation that benefits and profits from that information?
Companies routinely use American's private information for their profit and they don't even inform citizens about how and when they do so. This is wrong.
Now, Equifax offers 1-year credit protection for their error. But that requires Americans to surrender any legal remedies against Equifax and provides only 1 year protection. Experts say that affected Americans need lifetime protection.

Seems like Equifax will come out on top, as they will gain many many more likely consumers of their for-fee services. This is not right. American consumers should not have to pay for the errors -- resulting in significant privacy loss and risks -- for those who profit from our information. This is a clear example of where the government -- at least responsive to the needs of relatively powerless consumers -- should step in.

Our personal data is still held by Equifax. I want a way to have MY personal data deleted from their inadequate system. I know that is a bit like closing the barn door after the horses are out but who is to say that they will not be hacked again by a different group.

I think that the finance system in US needs improvement. There is a way to design the system so that even if my information is stolen and nobody can use it.

At this time your site says i may be impacted. To enroll in your protection i have to provide you with my full SSN and other details - how am i to believe that you guys can keep my information secure when you exposed 42% of US population's information?

Equifax is not doing any checking of any records. you can put any name in the box and any 6 random numbers and you will get the message that you have been impacted. They are part of the scam I am guessing.

So is the FTC by sending concerned citizens to that site.

The security freeze works great, but Equifax will not give me a straight answer on whether or not the security freeze PINs already in place were part of the information that was breached. The current security freezes are no good if the PIN to turn them off had been released. Please let me know if anyone has an answer. Best Equifax has told me is that they "don't think so"!

Now, the Equifax online and phone Security Freeze systems are currently unavailable. 'Call back later'
Geeeez! Both TransUnion and Experian phone systems for Security Freezes were straight forward and simple.

First off I agree with everyone that Equifax should be slapped hard for this breach. Unlike breaches at Home Depot, Target, or Wells Fargo, we have NO SAY in whether Equifax, Experian, or Trans Union collect and store our data and when they get it wrong the burden is on US to identify the problem an fix it. Often that happens when you're being considered for credit and there is no way to fix their bad data in time to meet loan document deadlines. I HATE these guys!

That said, updates on their website say that they've dropped the arbitration requirement on the 1 year free credit monitoring and that they no longer collect payment information that could be used to auto-enroll you after the 1 year expires. Frankly I think the FTC should require them to provide free credit monitoring for the life of my name, SSN, and any other data collected... in other words, for the rest of my life. We should all lobby our congressional reprehensives to mandate that. I'm sure they can get right on that when they're done doing all the good work they're in the middle of.

The site for free annual credit report is down. Guess they're being swamped.

Why don't you guys fine Equifax? Or how about insisting that they pay for all of our credit freezes and unfreezes on all of the credit bureaus?

Every member of federal legislative branch should be forced to read every comment on this site. This would be both punitive and eyeopening for them!

I'm sick and tired of these data breaches. We are pushed to go all electronic with our accounts and then they are hacked! I did not give Equifax my data, I never opened an account with them, that makes me furious that they have it and that it was compromised. How do I sue these irresponsible crooks.

So, if I understand this correctly, in order to make sure my personal information is secure, I need to provide that same personal information to the company that has already demonstrated it's unable to keep it secure?

equifax should not only freeze your account but freeze the other 2 credit agencies at equifax's expense not ours. The 19.95 a month in the 2nd year is slap in the face. Making money off us now is a corporate crime. The FTC needs to start slapping all these corporate thieves with serious fines. Otherwise, we are doomed to corporate profit over monies expensed to protect our Private information security.

As Donald Trump would say, "the FTC, very sad..."

I was duped into signing up for Equifax's free security service via their site. I didn't know this waived my right to sue. Equifax hid that "little detail". It’s Equifax’s lack of best practices and due diligence that caused this massive security breach.

I’ve been doubly victimized by Equifax.#1) Equifax's breach of my highly sensitive personal information, thus placing me in danger of malicious hackers; 2) Equifax's deceptive waiver that stripped me of my right to sue.

It’s my right as a citizen of the United States to be represented in a court of law. I’m a victim of a crime. Equifax’s unethical waiver of my right to sue should not be held up in court. This waiver should be nullified.

The Class Action Lawsuit Attorneys should be able to include me, and others the other victims like me, in the Class Action Lawsuit against Equifax.

Equifax is 100% responsible and must pay all the dameges

Equifax should be fined $60 per person whose data was hacked. That is about 4 hours at minimum wage. The FTC and companies seem to think my time is free. Make them accountable in terms of real dollars, not just momentary paper losses in stock price. According to Forbes, this is the just the most recent in a long history of data hacks at Equifax and Equifax owned companies. What does it take for the FTC to step up to protect USA citizens? The history of Equifax and FTC response sounds increasingly like the VA.

I don't believe companies can block you from suing by burying the fact that your given up that right in their terms and conditions. It would be highly predatory and I can't believe the courts would allow that behavior to stand. Then again, this has to be a company with very deep political backing or their damaging behavior toward consumers would have been stopped ages ago.

OK, you can't believe it, but it is true... that is, the company can file for dismissal based on your agreeing never to join any class action lawsuit. They cannot prevent a lawsuit, just file for dismissal.

The FTC is advising victims to go to the Equifax security site where they are pitched on a credit monitoring service with a free year and a promise not to litigate. Equifax has been secretive (July?), evasive (stock sales), and inept enough to expose 140M accounts to hackers. The FTC better pick a side here and get investigating.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I would like to close my account with Experian. They seem unable to secure the data.

you mean Equifax, not Experian...at least Equifax is the company at issue here.

Still trying to get my head around the concept of signing up for a protection service - free or not - provided by the company that could not protect my information in the first place and why the FTC and others telling us we should sign up for it are not calling this out. Offer me protection from an independent 3rd party service and we'll talk. Trusting the company that could not protect my information to protect my information seems like buying a bucket I know has a hole in it.

Equifax DOES NOT KNOW IF YOU WERE COMPROMISED! Input any name and any numbers into their website and it will say you have probably been compromised and should sign up for their monitoring service. This government website is doing consumers a disservice by telling them to check if they were compromised. Absolute garbage!

Not true! I was compromised but my wife eas not.

So how does Equifax know it's you signing up and not someone who received your breached information?

My name is on the compromised list. These companies have all our info and make money off of it. This is inexcusable and the CEO's get away with it again.

So you have to put in the last 6-digits of your SS # which only leaves 999 possibilities for someone to get the whole thing? NO WAY JOSÉ!!

They are just another white collar criminal company. I tried to freeze my credit in July because I was a victim of identity theft and they denied. They said I had to send additional documents to prove my identity: a copy of my driver's license and a copy of a pay-check or W2. I did not want to give them any more information because I did not trust them. Now this... Hope somebody ends up in jail.

Equifax should be required to make their "TrustedID Premier" credit monitoring free for life, not just one year. This problem will not go away after the year is up . . .

Equifax should also be ordered to offer to pay for credit freezes at other credit reporting "agencies" as well. Because of their carelessness, I have to put in place four freezes . . . Why should I pay for Equifax's stupidity.

Equifax should be immediately closed down. At a minimum, Social Security numbers should never be stored by any entity other than the US government, and abstracted by all others.

Breaches like this don't need to keep happening, but apparently they do . . .

This has got to stop. The amount of information they take from us that is so sensitive is unrealistic now if they cannot guard it safely. I think the year of credit monitoring pales in comparison in to having your information permanently out in the world.

Equifax needs to be monitored more from the government. I have a good credit rating but they keep showing delinquent accounts from over 15 years ago. Due to being out of work from an illness. When a person works hard to do what's right and get their credit rating I think the bad things from years past should be removed. I also just put my name and last 6 numbers of social security number in to Equifax to see if I am on the data breach list. I made sure that the lock was locked and http was in the address bar. I haven't gotten an email back from them to verify that my account had been or had not been hacked. Please monitor these credit consumers more as they hold our futures. Thank you

I entered my info and it said I may have been impacted.

Tells me that the site can't be reached

Earlier this year I received notice from my cell phone provider that Experian was hacked, last year it was the government OPM database. Apparently they are willing to take and track your information but to keep it safe would cost them money..... That is 2 credit report agencies hacked with one left. Wonder if the third has increased their security probably not..... very sad.

I tried to access the link FTC provided to Equifax's site and used the "Potential Impact" identifier where I entered my name and 6 digits. Everything seemed fine until I completed the Captcha questions and got a message from my anti-virus software that a threat had been quarantined and I should do an immediate scan.I am very concerned now, that I have just made the situation worse. I tried calling the number on the website but it says all lines are busy. What should I do? Is ther another number to call?

Pages

Leave a Comment

Comment Policy