The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

Earlier this year I received notice from my cell phone provider that Experian was hacked, last year it was the government OPM database. Apparently they are willing to take and track your information but to keep it safe would cost them money..... That is 2 credit report agencies hacked with one left. Wonder if the third has increased their security probably not..... very sad.

I tried to access the link FTC provided to Equifax's site and used the "Potential Impact" identifier where I entered my name and 6 digits. Everything seemed fine until I completed the Captcha questions and got a message from my anti-virus software that a threat had been quarantined and I should do an immediate scan.I am very concerned now, that I have just made the situation worse. I tried calling the number on the website but it says all lines are busy. What should I do? Is ther another number to call?

I selected the button to continue and a malware warning popped up from my antivirus saying the site contained a virus.

I just tried to put my last 6 and name into the Equifax site and my virus program screamed at me about a potential threat and is now scanning my computer. Now what do I do!!!

I signed up! I don't believe their agreement will stand up in court. You can't give protection with conditions i.e waive consumers right to sue.

When you ask the FTC to step in, remember these are the same incompetent folks that can't run an effective do not call system!!!

was I breached

When can we sue? It states I was arrested so I want my credit score back to 800

I called Equifax Canada, because I am Canadian, she told me I could pay an extra $6 a month for fraudulent monitoring...I already pay $19.95 a month!!! She said Canadians were not effected, the complete opposite of what equifax said to the news..also she said that I should call equifax usa for information because they dont have any! I am so scared. Dont know where to turn as a Canadian.

It's their responsibility to keep our PPI protected period! FINE them for their failure to secure our information. Investigate and CHARGE them for selling the sock before the public found out about the breach. Do the right thing FTC. That all any American asks for! I bet we all agree on that!

Threat has been detected when trying to access to check my information by Avast Antivirus! It says it's infected with URL MAL --- https:// trustedidpremier.com/ eligibility/ eligibility.html

well... I guess that's that.

To FCC, so statements in frequently asked questions are more binding than statements in terms of service. Also it is legal to have people pay you to avoid problems you caused. Somehow, that does not seem right. Betting continuing payments for service start being automatically deducted also

Is it legal for the FTC to advertise for a business? That is what is being done when you say get trusted ID to monitor your credit.

On the news last night they went to the Equifax site and entered Test for the name, and 12345 for the last digits of the social security number, and were told that Yes, they had been affected by the security breach. Not very reliable!

the system is set up for this to happen ...

Equifax is not making up a fake data breach story to enroll us in their monitoring service. The data breach was real. I had my debit card info stolen and two attempts made to get cash from it, from some perp in Brazil. As to their removing the "give up your right to a class action suit" from the enrollment in monitoring service, I have not heard of that at all. As to fake name / random 6-digit ssn test, that is not at all predictable from my six trials. Equifax was told by their security ex-spurts that they should increase security, but top execs refused in order to save money. That is the basis of all class action suits. The trouble is how to join a suit. Lawyers are crafty devils and not likely to simply let us join any existing suit. You will need to bring your own suit, hire your own lawyer.

Okay, people, here's the facts. Way back in ancient times pre- internet and fax machine like the 1960s, your previous credit information was reported to a LOCAL credit bureau. You did business with a LOCAL bank, savings and loan, or credit union who called the LOCAL credit bureau - on the phone provided by a LOCAL telephone company- when you applied for a loan. That's how they checked your credit. Of course, it sometimes took your LOCAL banker - who you knew because they lived in your town- several hours to make a decision to approve your loan. They were not in the Phillipines and didn't have to call Minneapolis. They made the decision LOCALLY. Of course, if you made enough money you could apply for an American Express card - and they called your LOCAL credit bureau to check up on you. Fast forward through the 1970s and the creation of Master Card and Visa - and the 1980s when the government tried to solve one problem with banks by creating a whole lot of new problems that moved mortgages into the secondary market, brought us branch banking, and created the need for national credit bureaus, ie: Equifax. Throw in the rapid devlopment of the internet and bigger, better computer systems, add in consumers more and more dependent on credit and here we are. How do you reverse it? Well, good luck finding a LOCAL bank - or LOCAL phone company - or even calling customer service and getting someone whose instructions you can understand. Go back to paying cash or borrow only from your rich uncle? Oh wait, your personal information is out in cyber space forever, so even your grand children's children will not be able to retrieve it. This is the "global" economy. And you, people, are the product being sold, right down the river.

So if one already submitted to the he free monitoring, one doesn't have ANY chance to get in on that class action lawsuit?
Tell me there is some hope please

Seems like the coyotes are minding the chickens. Where were th FTC and CFPB? Useless.

The three NGO for profit credit bureaus needs to be reined in. The private info they collect and distribute without authority or authorization by the owners, and credit scores, determines how much interest consumer pay throughout their lifetime.

I agree with all the cynical comments about this disgusting company (as well as the other two agencies) who use your personal data to make money while assuming very little responsibility, since you are NOT their customer.

My most memorable experience was trying to correct an error supposedly reported by a merchant. I was forced to fill out all kinds of forms contesting the entry. Since the agencies are now required to respond within 30 days (previously, they often just ignored you),I received a computer generated letter that the information shown was as received by the merchant. In other words, they confirmed what was on their database, which is the very thing I was contesting. It turns out that the merchant reported correctly and Equifax had made an error. I was able to correct it only by getting the merchant to resubmit the original data.

I take great care to protect my excellent credit, only to have a calloused company over which I have no control lose my valuable personal data. Sickening.
I plan to do 5 things:
1. Put a freeze on my credit. True to form, when I fill out the Equifax form, it says "we can not process this request at this time. Please try again." Way to go, Equifax. I'll try the other agencies, since they are supposed to notify each other.
2. Sign up for the free Experian credit monitoring service. I know my personal data is out there forever, but why not watch it for a year.
3. Experian offers a search of the "dark web" to see if your SS number is floating around somewhere. I'm waiting for an email that supposedly gives instructions. We'll see.
4. I will place a 7 year fraud alert on my account with Equifax. They require a police report. I hate to bother the local cops, but I'll try.
5. I'll pull my free annual credit reports from all three agencies just for kicks.

Rightfully, I feel that Equifax should proactively monitor my credit forever, but I have a feeling they won't want to do that.

I put myself and my Husband's info in and it said we were not affected but my Son did his and it said he may have been affected.
One more thing, when it asks you to prove your not a robot why doesn't it give you options such as choosing the pictures as it does for every other site that wants proof your not a robot?

I am trying to freeze my account and could not. not available and try later.
Did anyone call to freeze there account?

Any credit monitoring is a scam!!! Does not matter if it's monitoring or protection company, they inturn are entering your info to search for it in web sites so those companies are exposing YOUR info while saying they are protecting or monitoring... I say class action..

I demand FREE PREMIUM CREDIT MONITORING FOR LIFE!!!

Couldn't agree more Ross. As well as free credit freezes on all 3 credit files. It could be decades before a consumer feels the effects of this data breach.

What kind of lawyer would you need to file a lawsuit? Anyone know?

I didn't get an enrollment date when I signed up?

Sick and worried about this situation. Need to sue

I entered bogus information on the Equifax site... evidently Smith with the last 6 digits of the social of 123456 is impacted

From 'FYI' : "Input any name and any numbers into their website and it will say you have probably been compromised." That is NOT TRUE!!! I have tried various fake last names, such as "Imadoodleflop" with 123456 as SS#, and it said does not appear you were compromised. Yes, I could get it to reply that it appears you were compromised, but that simply means there are some very funny genuine last names in this society.

You know you people really piss me off to no end, you have forced us all into this digital world with all our information, then you miss handle this information because you don't want to spend the money to secure you system from hacks then expect us to go through tons of BS to protect ourselves from your screw up. Your company should be the one to automatically put a fraud alert on every account you already know was breeched. But NO you want us to fix your mess and you sit back and not have to pay a dime for a problem you created. To say I'm pissed of is an understatement. I hope there is a class action law suit and you are put you out of business.

I'M WITH MAR!!! Considering the business that they're in, the credit bureaus should be the GOLD STANDARD in security!! And just found out I have to PAY to have a CREDIT FREEZE applied to my file!!!!!

This comments section is bungled badly. There is a "PREPLY" link to the right of each comment, but THEY ARE ALL ONE LINK REPEATED!!! Any and all "REPLIES" become new comments at the end of all the current comments. Is this intended to protect each of us from all the others, so no direct personal comments can be made when someone presents "alternative facts"?

I couldn't even check my info. I keep getting redirected to the funny square face image stating redirect error in transmission. What a crock!

We are the victims. Why do we have to pay the 3 major credit reporting agencies for a credit freeze when it was equifax that has put us in this position in the first place. We are also forced to pay again every time we wish to open a new line of credit. Makes no sense to me at all. The victims are being victimized again. Is there no accountability on the part of equifax?

***Equifax also acknowledged that its language particularly over the right to sue has been confusing at best, and said it was removing that language from their website. "Enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action," it said.***

Swede/ The FTC should make them drop the second year fee. After free year they should make second year optional . Think other companies are cheaper.

Everyone should get angry at Congress over this issue. It's not as if these credit reporting agencies (CRA) are operating out of bounds. The FTC and CFPB are powerless in their oversight of CRAs. They can only do what the FTC is doing, by posting an announcement. When FCRA language defines FTC oversight of CRAs as "promote...security", that gives the FTC zero power to enforce or do anything in matters like the Equifax data breach. Moreover, since there is no legislation which actually defines a CRA, the FTC and CFPB can't very well provide much oversight or enforce anything if the law doesn't even spell out what a CRA is or isn't.

my entire family information has been stolen...My kids will have to deal with this mess for ever...
where is the government?????????
What is going to do for my 15 year old daughter or my 18 year old son...

At this Equifax web page--> www. freeze. equifax. com/ Freeze/ jsp/ SFF_PersonalIDInfo. jsp one can enter the same info that was stolen in the hack to freeze your credit to prevent opening any new accounts. Then the perps who stole your ID can unfreeze it using your SS# and address info that they stole. Lotta good this freeze "security" provides.

How did I cancel this? I enrolled and want to opt out

The Equifax site, www. EqifaxSecurity2017. com is a scam to market Eqifax credit protection services. Just type in any name and number (They don't actually search their database for your information.) The results of your search will say your data MAY have been impacted. Then they try to sell you their credit protection service. SHAME ON YOU EQIFAX. FTC, DO SOMETHING TO STOP THEM!

I just typed my last name with a typo in my SSN and it said I wasn't impacted. I would guess if the name and last 6 don't match in their system they are sending a no impact message. With correct info, it says possible impact.

Is the Equifax web page a scam in itself? I entered my 6 digit SSN number and last name and my virus protection software immediately quarantined what it believed was some kind of virus or trojan horse. I'm reluctant to try again.

I got the same response when I went to the same web page and entered the 6 digit SSN/last name from my AV telling me to get out of here and am worried that they (hackers) have those 6 digits/last name from keyed input...this is getting BAD!

All those lovely credit verification services you see constant commercials for..like creditKarma, etc. What was the effect of using their services?

Equifax, Transunion and Experian are credit monopolies. They need to be broken up. What gives them the right to monopolize our credit and decide how credit-worthy we are? We need to inititate a class-action lawsuit or there needs to be intervention from the government to break up the monopoly. We should have a choice.

HOW DO WE GET FTC TO MANDATE CREDIT REPORTING AGENCIES TO STOP CHARGING FEES FOR CREDIT FREEZE FEES? SOME STATES DON'T HAVE TO PAY ANYTHING. I LIVE IN TEXAS AND FEES ARE $10 OR $10.83 PER PERSON PER AGENCY. IF YOU WANT TO LIFT FREEZE TEMPORARILIY, YOU HAVE TO PAY AGAIN TOO!

9/12/17

I used the link you gave for www.equifaxsecurity2017.com and followed your instructions by checking for "Potential Impact" then entered my last name and last 8 digits of my social security number. When I clicked the button to continue, my Avast software detected a security threat and I got away from that site.

Why are you directing consumers to a link that requires personal information and ends up with an infected situation?

Please correct this!

-TryingToPreventCreditBreach

If everyone is getting the same message, why even have the site to see if we were impacted. Does Equifax even know who was impacted?

Pages

Leave a Comment