The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




Our personal data is still held by Equifax. I want a way to have MY personal data deleted from their inadequate system. I know that is a bit like closing the barn door after the horses are out but who is to say that they will not be hacked again by a different group.

I think that the finance system in US needs improvement. There is a way to design the system so that even if my information is stolen and nobody can use it.

At this time your site says i may be impacted. To enroll in your protection i have to provide you with my full SSN and other details - how am i to believe that you guys can keep my information secure when you exposed 42% of US population's information?

Equifax is not doing any checking of any records. you can put any name in the box and any 6 random numbers and you will get the message that you have been impacted. They are part of the scam I am guessing.

So is the FTC by sending concerned citizens to that site.

The security freeze works great, but Equifax will not give me a straight answer on whether or not the security freeze PINs already in place were part of the information that was breached. The current security freezes are no good if the PIN to turn them off had been released. Please let me know if anyone has an answer. Best Equifax has told me is that they "don't think so"!

Now, the Equifax online and phone Security Freeze systems are currently unavailable. 'Call back later'
Geeeez! Both TransUnion and Experian phone systems for Security Freezes were straight forward and simple.

First off I agree with everyone that Equifax should be slapped hard for this breach. Unlike breaches at Home Depot, Target, or Wells Fargo, we have NO SAY in whether Equifax, Experian, or Trans Union collect and store our data and when they get it wrong the burden is on US to identify the problem an fix it. Often that happens when you're being considered for credit and there is no way to fix their bad data in time to meet loan document deadlines. I HATE these guys!

That said, updates on their website say that they've dropped the arbitration requirement on the 1 year free credit monitoring and that they no longer collect payment information that could be used to auto-enroll you after the 1 year expires. Frankly I think the FTC should require them to provide free credit monitoring for the life of my name, SSN, and any other data collected... in other words, for the rest of my life. We should all lobby our congressional reprehensives to mandate that. I'm sure they can get right on that when they're done doing all the good work they're in the middle of.

The site for free annual credit report is down. Guess they're being swamped.

Why don't you guys fine Equifax? Or how about insisting that they pay for all of our credit freezes and unfreezes on all of the credit bureaus?

Every member of federal legislative branch should be forced to read every comment on this site. This would be both punitive and eyeopening for them!

I'm sick and tired of these data breaches. We are pushed to go all electronic with our accounts and then they are hacked! I did not give Equifax my data, I never opened an account with them, that makes me furious that they have it and that it was compromised. How do I sue these irresponsible crooks.

So, if I understand this correctly, in order to make sure my personal information is secure, I need to provide that same personal information to the company that has already demonstrated it's unable to keep it secure?

equifax should not only freeze your account but freeze the other 2 credit agencies at equifax's expense not ours. The 19.95 a month in the 2nd year is slap in the face. Making money off us now is a corporate crime. The FTC needs to start slapping all these corporate thieves with serious fines. Otherwise, we are doomed to corporate profit over monies expensed to protect our Private information security.

As Donald Trump would say, "the FTC, very sad..."

I was duped into signing up for Equifax's free security service via their site. I didn't know this waived my right to sue. Equifax hid that "little detail". It’s Equifax’s lack of best practices and due diligence that caused this massive security breach.

I’ve been doubly victimized by Equifax.#1) Equifax's breach of my highly sensitive personal information, thus placing me in danger of malicious hackers; 2) Equifax's deceptive waiver that stripped me of my right to sue.

It’s my right as a citizen of the United States to be represented in a court of law. I’m a victim of a crime. Equifax’s unethical waiver of my right to sue should not be held up in court. This waiver should be nullified.

The Class Action Lawsuit Attorneys should be able to include me, and others the other victims like me, in the Class Action Lawsuit against Equifax.

Equifax is 100% responsible and must pay all the dameges

Equifax should be fined $60 per person whose data was hacked. That is about 4 hours at minimum wage. The FTC and companies seem to think my time is free. Make them accountable in terms of real dollars, not just momentary paper losses in stock price. According to Forbes, this is the just the most recent in a long history of data hacks at Equifax and Equifax owned companies. What does it take for the FTC to step up to protect USA citizens? The history of Equifax and FTC response sounds increasingly like the VA.

I don't believe companies can block you from suing by burying the fact that your given up that right in their terms and conditions. It would be highly predatory and I can't believe the courts would allow that behavior to stand. Then again, this has to be a company with very deep political backing or their damaging behavior toward consumers would have been stopped ages ago.

OK, you can't believe it, but it is true... that is, the company can file for dismissal based on your agreeing never to join any class action lawsuit. They cannot prevent a lawsuit, just file for dismissal.

The FTC is advising victims to go to the Equifax security site where they are pitched on a credit monitoring service with a free year and a promise not to litigate. Equifax has been secretive (July?), evasive (stock sales), and inept enough to expose 140M accounts to hackers. The FTC better pick a side here and get investigating.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I would like to close my account with Experian. They seem unable to secure the data.

you mean Equifax, not least Equifax is the company at issue here.

Still trying to get my head around the concept of signing up for a protection service - free or not - provided by the company that could not protect my information in the first place and why the FTC and others telling us we should sign up for it are not calling this out. Offer me protection from an independent 3rd party service and we'll talk. Trusting the company that could not protect my information to protect my information seems like buying a bucket I know has a hole in it.

Equifax DOES NOT KNOW IF YOU WERE COMPROMISED! Input any name and any numbers into their website and it will say you have probably been compromised and should sign up for their monitoring service. This government website is doing consumers a disservice by telling them to check if they were compromised. Absolute garbage!

Not true! I was compromised but my wife eas not.

So how does Equifax know it's you signing up and not someone who received your breached information?

My name is on the compromised list. These companies have all our info and make money off of it. This is inexcusable and the CEO's get away with it again.

So you have to put in the last 6-digits of your SS # which only leaves 999 possibilities for someone to get the whole thing? NO WAY JOSÉ!!

They are just another white collar criminal company. I tried to freeze my credit in July because I was a victim of identity theft and they denied. They said I had to send additional documents to prove my identity: a copy of my driver's license and a copy of a pay-check or W2. I did not want to give them any more information because I did not trust them. Now this... Hope somebody ends up in jail.

Equifax should be required to make their "TrustedID Premier" credit monitoring free for life, not just one year. This problem will not go away after the year is up . . .

Equifax should also be ordered to offer to pay for credit freezes at other credit reporting "agencies" as well. Because of their carelessness, I have to put in place four freezes . . . Why should I pay for Equifax's stupidity.

Equifax should be immediately closed down. At a minimum, Social Security numbers should never be stored by any entity other than the US government, and abstracted by all others.

Breaches like this don't need to keep happening, but apparently they do . . .

This has got to stop. The amount of information they take from us that is so sensitive is unrealistic now if they cannot guard it safely. I think the year of credit monitoring pales in comparison in to having your information permanently out in the world.

Equifax needs to be monitored more from the government. I have a good credit rating but they keep showing delinquent accounts from over 15 years ago. Due to being out of work from an illness. When a person works hard to do what's right and get their credit rating I think the bad things from years past should be removed. I also just put my name and last 6 numbers of social security number in to Equifax to see if I am on the data breach list. I made sure that the lock was locked and http was in the address bar. I haven't gotten an email back from them to verify that my account had been or had not been hacked. Please monitor these credit consumers more as they hold our futures. Thank you

I entered my info and it said I may have been impacted.

Tells me that the site can't be reached

Earlier this year I received notice from my cell phone provider that Experian was hacked, last year it was the government OPM database. Apparently they are willing to take and track your information but to keep it safe would cost them money..... That is 2 credit report agencies hacked with one left. Wonder if the third has increased their security probably not..... very sad.

I tried to access the link FTC provided to Equifax's site and used the "Potential Impact" identifier where I entered my name and 6 digits. Everything seemed fine until I completed the Captcha questions and got a message from my anti-virus software that a threat had been quarantined and I should do an immediate scan.I am very concerned now, that I have just made the situation worse. I tried calling the number on the website but it says all lines are busy. What should I do? Is ther another number to call?

I selected the button to continue and a malware warning popped up from my antivirus saying the site contained a virus.

I just tried to put my last 6 and name into the Equifax site and my virus program screamed at me about a potential threat and is now scanning my computer. Now what do I do!!!

I signed up! I don't believe their agreement will stand up in court. You can't give protection with conditions i.e waive consumers right to sue.

When you ask the FTC to step in, remember these are the same incompetent folks that can't run an effective do not call system!!!

was I breached

When can we sue? It states I was arrested so I want my credit score back to 800

I called Equifax Canada, because I am Canadian, she told me I could pay an extra $6 a month for fraudulent monitoring...I already pay $19.95 a month!!! She said Canadians were not effected, the complete opposite of what equifax said to the news..also she said that I should call equifax usa for information because they dont have any! I am so scared. Dont know where to turn as a Canadian.

It's their responsibility to keep our PPI protected period! FINE them for their failure to secure our information. Investigate and CHARGE them for selling the sock before the public found out about the breach. Do the right thing FTC. That all any American asks for! I bet we all agree on that!

Threat has been detected when trying to access to check my information by Avast Antivirus! It says it's infected with URL MAL --- https:// eligibility/ eligibility.html

well... I guess that's that.

To FCC, so statements in frequently asked questions are more binding than statements in terms of service. Also it is legal to have people pay you to avoid problems you caused. Somehow, that does not seem right. Betting continuing payments for service start being automatically deducted also

Is it legal for the FTC to advertise for a business? That is what is being done when you say get trusted ID to monitor your credit.

On the news last night they went to the Equifax site and entered Test for the name, and 12345 for the last digits of the social security number, and were told that Yes, they had been affected by the security breach. Not very reliable!


Leave a Comment

Comment Policy