The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




So, if I understand this correctly, in order to make sure my personal information is secure, I need to provide that same personal information to the company that has already demonstrated it's unable to keep it secure?

equifax should not only freeze your account but freeze the other 2 credit agencies at equifax's expense not ours. The 19.95 a month in the 2nd year is slap in the face. Making money off us now is a corporate crime. The FTC needs to start slapping all these corporate thieves with serious fines. Otherwise, we are doomed to corporate profit over monies expensed to protect our Private information security.

As Donald Trump would say, "the FTC, very sad..."

I was duped into signing up for Equifax's free security service via their site. I didn't know this waived my right to sue. Equifax hid that "little detail". It’s Equifax’s lack of best practices and due diligence that caused this massive security breach.

I’ve been doubly victimized by Equifax.#1) Equifax's breach of my highly sensitive personal information, thus placing me in danger of malicious hackers; 2) Equifax's deceptive waiver that stripped me of my right to sue.

It’s my right as a citizen of the United States to be represented in a court of law. I’m a victim of a crime. Equifax’s unethical waiver of my right to sue should not be held up in court. This waiver should be nullified.

The Class Action Lawsuit Attorneys should be able to include me, and others the other victims like me, in the Class Action Lawsuit against Equifax.

Equifax is 100% responsible and must pay all the dameges

Equifax should be fined $60 per person whose data was hacked. That is about 4 hours at minimum wage. The FTC and companies seem to think my time is free. Make them accountable in terms of real dollars, not just momentary paper losses in stock price. According to Forbes, this is the just the most recent in a long history of data hacks at Equifax and Equifax owned companies. What does it take for the FTC to step up to protect USA citizens? The history of Equifax and FTC response sounds increasingly like the VA.

I don't believe companies can block you from suing by burying the fact that your given up that right in their terms and conditions. It would be highly predatory and I can't believe the courts would allow that behavior to stand. Then again, this has to be a company with very deep political backing or their damaging behavior toward consumers would have been stopped ages ago.

OK, you can't believe it, but it is true... that is, the company can file for dismissal based on your agreeing never to join any class action lawsuit. They cannot prevent a lawsuit, just file for dismissal.

The FTC is advising victims to go to the Equifax security site where they are pitched on a credit monitoring service with a free year and a promise not to litigate. Equifax has been secretive (July?), evasive (stock sales), and inept enough to expose 140M accounts to hackers. The FTC better pick a side here and get investigating.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I would like to close my account with Experian. They seem unable to secure the data.

you mean Equifax, not least Equifax is the company at issue here.

Still trying to get my head around the concept of signing up for a protection service - free or not - provided by the company that could not protect my information in the first place and why the FTC and others telling us we should sign up for it are not calling this out. Offer me protection from an independent 3rd party service and we'll talk. Trusting the company that could not protect my information to protect my information seems like buying a bucket I know has a hole in it.

Equifax DOES NOT KNOW IF YOU WERE COMPROMISED! Input any name and any numbers into their website and it will say you have probably been compromised and should sign up for their monitoring service. This government website is doing consumers a disservice by telling them to check if they were compromised. Absolute garbage!

Not true! I was compromised but my wife eas not.

So how does Equifax know it's you signing up and not someone who received your breached information?

My name is on the compromised list. These companies have all our info and make money off of it. This is inexcusable and the CEO's get away with it again.

So you have to put in the last 6-digits of your SS # which only leaves 999 possibilities for someone to get the whole thing? NO WAY JOSÉ!!

They are just another white collar criminal company. I tried to freeze my credit in July because I was a victim of identity theft and they denied. They said I had to send additional documents to prove my identity: a copy of my driver's license and a copy of a pay-check or W2. I did not want to give them any more information because I did not trust them. Now this... Hope somebody ends up in jail.

Equifax should be required to make their "TrustedID Premier" credit monitoring free for life, not just one year. This problem will not go away after the year is up . . .

Equifax should also be ordered to offer to pay for credit freezes at other credit reporting "agencies" as well. Because of their carelessness, I have to put in place four freezes . . . Why should I pay for Equifax's stupidity.

Equifax should be immediately closed down. At a minimum, Social Security numbers should never be stored by any entity other than the US government, and abstracted by all others.

Breaches like this don't need to keep happening, but apparently they do . . .

This has got to stop. The amount of information they take from us that is so sensitive is unrealistic now if they cannot guard it safely. I think the year of credit monitoring pales in comparison in to having your information permanently out in the world.

Equifax needs to be monitored more from the government. I have a good credit rating but they keep showing delinquent accounts from over 15 years ago. Due to being out of work from an illness. When a person works hard to do what's right and get their credit rating I think the bad things from years past should be removed. I also just put my name and last 6 numbers of social security number in to Equifax to see if I am on the data breach list. I made sure that the lock was locked and http was in the address bar. I haven't gotten an email back from them to verify that my account had been or had not been hacked. Please monitor these credit consumers more as they hold our futures. Thank you

I entered my info and it said I may have been impacted.

Tells me that the site can't be reached

Earlier this year I received notice from my cell phone provider that Experian was hacked, last year it was the government OPM database. Apparently they are willing to take and track your information but to keep it safe would cost them money..... That is 2 credit report agencies hacked with one left. Wonder if the third has increased their security probably not..... very sad.

I tried to access the link FTC provided to Equifax's site and used the "Potential Impact" identifier where I entered my name and 6 digits. Everything seemed fine until I completed the Captcha questions and got a message from my anti-virus software that a threat had been quarantined and I should do an immediate scan.I am very concerned now, that I have just made the situation worse. I tried calling the number on the website but it says all lines are busy. What should I do? Is ther another number to call?

I selected the button to continue and a malware warning popped up from my antivirus saying the site contained a virus.

I just tried to put my last 6 and name into the Equifax site and my virus program screamed at me about a potential threat and is now scanning my computer. Now what do I do!!!

I signed up! I don't believe their agreement will stand up in court. You can't give protection with conditions i.e waive consumers right to sue.

When you ask the FTC to step in, remember these are the same incompetent folks that can't run an effective do not call system!!!

was I breached

When can we sue? It states I was arrested so I want my credit score back to 800

I called Equifax Canada, because I am Canadian, she told me I could pay an extra $6 a month for fraudulent monitoring...I already pay $19.95 a month!!! She said Canadians were not effected, the complete opposite of what equifax said to the news..also she said that I should call equifax usa for information because they dont have any! I am so scared. Dont know where to turn as a Canadian.

It's their responsibility to keep our PPI protected period! FINE them for their failure to secure our information. Investigate and CHARGE them for selling the sock before the public found out about the breach. Do the right thing FTC. That all any American asks for! I bet we all agree on that!

Threat has been detected when trying to access to check my information by Avast Antivirus! It says it's infected with URL MAL --- https:// eligibility/ eligibility.html

well... I guess that's that.

To FCC, so statements in frequently asked questions are more binding than statements in terms of service. Also it is legal to have people pay you to avoid problems you caused. Somehow, that does not seem right. Betting continuing payments for service start being automatically deducted also

Is it legal for the FTC to advertise for a business? That is what is being done when you say get trusted ID to monitor your credit.

On the news last night they went to the Equifax site and entered Test for the name, and 12345 for the last digits of the social security number, and were told that Yes, they had been affected by the security breach. Not very reliable!

the system is set up for this to happen ...

Equifax is not making up a fake data breach story to enroll us in their monitoring service. The data breach was real. I had my debit card info stolen and two attempts made to get cash from it, from some perp in Brazil. As to their removing the "give up your right to a class action suit" from the enrollment in monitoring service, I have not heard of that at all. As to fake name / random 6-digit ssn test, that is not at all predictable from my six trials. Equifax was told by their security ex-spurts that they should increase security, but top execs refused in order to save money. That is the basis of all class action suits. The trouble is how to join a suit. Lawyers are crafty devils and not likely to simply let us join any existing suit. You will need to bring your own suit, hire your own lawyer.

Okay, people, here's the facts. Way back in ancient times pre- internet and fax machine like the 1960s, your previous credit information was reported to a LOCAL credit bureau. You did business with a LOCAL bank, savings and loan, or credit union who called the LOCAL credit bureau - on the phone provided by a LOCAL telephone company- when you applied for a loan. That's how they checked your credit. Of course, it sometimes took your LOCAL banker - who you knew because they lived in your town- several hours to make a decision to approve your loan. They were not in the Phillipines and didn't have to call Minneapolis. They made the decision LOCALLY. Of course, if you made enough money you could apply for an American Express card - and they called your LOCAL credit bureau to check up on you. Fast forward through the 1970s and the creation of Master Card and Visa - and the 1980s when the government tried to solve one problem with banks by creating a whole lot of new problems that moved mortgages into the secondary market, brought us branch banking, and created the need for national credit bureaus, ie: Equifax. Throw in the rapid devlopment of the internet and bigger, better computer systems, add in consumers more and more dependent on credit and here we are. How do you reverse it? Well, good luck finding a LOCAL bank - or LOCAL phone company - or even calling customer service and getting someone whose instructions you can understand. Go back to paying cash or borrow only from your rich uncle? Oh wait, your personal information is out in cyber space forever, so even your grand children's children will not be able to retrieve it. This is the "global" economy. And you, people, are the product being sold, right down the river.

So if one already submitted to the he free monitoring, one doesn't have ANY chance to get in on that class action lawsuit?
Tell me there is some hope please

Seems like the coyotes are minding the chickens. Where were th FTC and CFPB? Useless.

The three NGO for profit credit bureaus needs to be reined in. The private info they collect and distribute without authority or authorization by the owners, and credit scores, determines how much interest consumer pay throughout their lifetime.

I agree with all the cynical comments about this disgusting company (as well as the other two agencies) who use your personal data to make money while assuming very little responsibility, since you are NOT their customer.

My most memorable experience was trying to correct an error supposedly reported by a merchant. I was forced to fill out all kinds of forms contesting the entry. Since the agencies are now required to respond within 30 days (previously, they often just ignored you),I received a computer generated letter that the information shown was as received by the merchant. In other words, they confirmed what was on their database, which is the very thing I was contesting. It turns out that the merchant reported correctly and Equifax had made an error. I was able to correct it only by getting the merchant to resubmit the original data.

I take great care to protect my excellent credit, only to have a calloused company over which I have no control lose my valuable personal data. Sickening.
I plan to do 5 things:
1. Put a freeze on my credit. True to form, when I fill out the Equifax form, it says "we can not process this request at this time. Please try again." Way to go, Equifax. I'll try the other agencies, since they are supposed to notify each other.
2. Sign up for the free Experian credit monitoring service. I know my personal data is out there forever, but why not watch it for a year.
3. Experian offers a search of the "dark web" to see if your SS number is floating around somewhere. I'm waiting for an email that supposedly gives instructions. We'll see.
4. I will place a 7 year fraud alert on my account with Equifax. They require a police report. I hate to bother the local cops, but I'll try.
5. I'll pull my free annual credit reports from all three agencies just for kicks.

Rightfully, I feel that Equifax should proactively monitor my credit forever, but I have a feeling they won't want to do that.

I put myself and my Husband's info in and it said we were not affected but my Son did his and it said he may have been affected.
One more thing, when it asks you to prove your not a robot why doesn't it give you options such as choosing the pictures as it does for every other site that wants proof your not a robot?

I am trying to freeze my account and could not. not available and try later.
Did anyone call to freeze there account?

Any credit monitoring is a scam!!! Does not matter if it's monitoring or protection company, they inturn are entering your info to search for it in web sites so those companies are exposing YOUR info while saying they are protecting or monitoring... I say class action..


Couldn't agree more Ross. As well as free credit freezes on all 3 credit files. It could be decades before a consumer feels the effects of this data breach.

What kind of lawyer would you need to file a lawsuit? Anyone know?


Leave a Comment

Comment Policy