You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.





I used the link you gave for and followed your instructions by checking for "Potential Impact" then entered my last name and last 8 digits of my social security number. When I clicked the button to continue, my Avast software detected a security threat and I got away from that site.

Why are you directing consumers to a link that requires personal information and ends up with an infected situation?

Please correct this!


If everyone is getting the same message, why even have the site to see if we were impacted. Does Equifax even know who was impacted?

Can Not Access All 3 Credit Reports For Free (received less than 12 months ago). Will Only Get Equifax For Free. FTC: Protect Consumers--Do Not Make Us Pay to View Credit Reports if we were Impacted.

So am I hearing that most everyone is NOT going to sign up for the "free" monitoring service?
If not how or what is the best way to monitor ourselves?
I currently check the monitoring services regularly but want to know what else I should be following up on besides my bank accounts and credit cards.


This should be expected in this day and age. If government agencies who are supposed to have top security can be breached, why wouldn't it be easy to breach a private database. If you are worried about your personal data, just think about breaching the Real ID database that includes your biometrics.

Experian repeatedly making security freeze difficult blocking email documentation and requiring documents by mail thus making paid Identity theft protection attractive.

Found it concerning that no matter what i enter in for last name and last 6 ss#, I got a message saying my data may have been compromised. Even Last name : Doe, last 6ss# 123456. Seems like they don't know what data was compromised.

Just tried to put a security freeze on my account and got "System Currently Unavailable - Error 500
We're sorry. We cannot process your security freeze request online at this time. Please try back later."
They collect all this personal info on everybody whether we like it or not, they don't protect it, and when there's a breach they offer NOTHING. This is insanity!

Look, I just survived the Hurricane if Florida, but the Equifax Data Breach will do more damage to this Great Nation and All Americans than all the Hurricanes in our lifetime!!!!




We can't get through to freeze our credit information with Equifax. Their site fails and the phones lines never connect. Oh, I'm sure we'll get through eventually but it may already be too late. We will freeze the others as well. In addition, we have opted to sign up for Premium monitoring with LifeLock x2! At almost $100 a month for that and the cost of freezing and thawing for the rest of our lives - Equifax owes us big time. As retirees, we can't afford to lose our nest egg. Also, one of our email accounts staring getting tons of phishing emails early summer this year. A coincidence? Not likely. Those of us with higher credit scores will most likely be the first targets. We are outraged!

Experian rejected request for online free annual credit report and provides no explanation

Since this affects almost every American that has a credit history (children not affected), I would love to know whether the employees & CEOs of Equifax are affected (and likewise whether the directors at the FTC who seem to be in cahoots with Equifax are affected.) Somehow I have to wonder if these individuals (or the Executive Branch of government) happen to be the VERY few adult tax-paying Americans who are not affected. Furthermore, we KNOW Russia is hacking. This smells like an orchestrated event, whether they are involved or not. I think the only solution is if the GOVERNMENT assumes oversight. To give FREE CREDIT MONITORING for LIFE (only viable solution), it would put ALL of the credit companies out of business, so they won't do it. Therefore, as someone else suggested, Equifax needs to be dissolved and all assets (including reassuming the money from the illegal sale of stocks from the CEOs) need to be put toward paying EXPERIAN and TransUnion to provide FREE CREDIT MONITORING FOR LIFE.

I tried using the website to get my credit report. But the system made it difficult to get past the reCAPTCHA robot check even though I was very careful to type in the image carefully. It locked me out after a few tries and said I should go back and re-enter my information all over again. This time after a couple of blocks it suddenly said that EQUIFAX could not give me my own credit report online and I need to write to them with copies of all my sensitive information. THIS IS BEYOND RIDICULOUS!

I entered last name and 123456- said i was breached. geeze

I just tried to freeze my credit at Equifax, their site isn't working. I got an error response.

Figures, Equifax screws up and now refuses to spend the money to fix the problem it created.

That's one corporation that should be put out of business. Maybe all three should.

People!!! If this was a hoax equifax would of said it was a hoax and all the news channels would of told you is a hoax... period!

You can enter any name and made up partial SSN and get the same response 'you may have been impacted' I doubt they actually know whose data was stolen.

How is it possible that this security breach occurs in the spring/summer 2017 timeframe, one has to assume that the federal government is aware of, three Equifax executives are "allowed" to sell 1.8 million worth of stock, and the consumers that are paying all the bills get a one-year protection plan for something that is going to affect the rest of their lives?

My mother just got a call yesterday from someone saying they were calling from Equifax and one of credit cards was compromised and needed some info. From her and to notify her?!? This didn't sound right to me. Hadn't heard they were actually calling anyone!!?? To make matters worse the card is from a bank in FL. That us still closed down! Then when call the no. Back as I told her to verify it just goes to a non-disrupt vm! Help

That sounds like a scam.

If you get an unexpected call from your bank or credit card, don't give any information. Hang up. Then look up the number, or use the number from your statement or credit card, and call back. Ask if the bank or credit card company really called you.

Tried to use the Transunion website to place a fraud alert, another "error" occurred after I'd completed the application, so that didn't work. I tried calling the number provided (on the site) it required me to already have a PIN to "access my file". Which of course I didn't have. The Experian page for requesting a credit freeze also isn't working. I may have--finally--been able to place a fraud alert via Transunion's automated telephone service, but since I wasn't told I'd get any kind of paper confirmation, who knows? It'll be my word against theirs if the fraud alert isn't placed and/or TU doesn't notify Experian and Equifax as required. However I did have to listen to a couple of minute on why I should sign up for a 30 day free trial of a Transunion credit monitoring system, cancel "for free" within the 30 days, then $19.95/month forever and ever. SUCH an incredible deal. I declined despite the hard sell.

Wouldn't it be something if Congress or all the states actually cared about the majority of their residents and so acted to protect their interests rather then those of large corporations. I guess it's good to have dreams.

Just found out I have to PAY at least $!0.00 each to have to a CREDIT FREEZE applied to my file??? ARE YOU KIDDING ME??? Doing all this because of their SCREW UP and now I HAVE TO PAY TO PROTECT MYSELF????

Chumley, in most states it's free if there's a police report filed. However, I can't tell if Equifax actually filed a police report for this data breach. I would expect it to be filed in Atlanta where they're based. If they did and we could get it would be at no charge to us.

Want to know if I've been breeched

what NOT to do after a security breach? Rely on EXPERIAN to put a SECURITY FREEZE ($10) on your credit report. This is different than the FRAUD ALERT (FREE) I requested two security freezes through the EXPERIAN website using the process they make you use. EXPERIAN processed my payment then provides a message 'WE ARE UNABLE TO HONOR YOUR REQUEST BECAUSE YOU DID NOT PROVIDE THE INFORMATION NEEDED' but you PROCESSED MY PAYMENT which I now have to dispute. THANKS a lot. This is a joke. This is what FTC.GOV and any theft identity site recommends you do. Just visit any one of the 3 credit bureaus to request the security freeze. Really? So use the one that was HACKED. Or use the one that takes your money and does not provide the freeze.

goog luck getting that money back. took me months to fix my credit after equifax sbroke it with a debt that was not mine. and wall street millionaires is in charge of the government now, doubt any of them know anything about cyber security. i have transunion monitoring because ibm 'lost' my info years ago. transunion has a 'lock' feature that you can turn on, and turn off temporarily while you apply for a loan. no one can process a loan when it's on. of course that doesn't stop someone from using your credit card or filing you tax return.

I tried to get into to see if my information was impacted. I had to prove over and over I was NOT A ROBOT, but it never worked. THIS IS A TOTAL SCAM.

the robot thing can be frustrating. it night be something to do with the browser you are using. if you can try a different browser (like firefox instead of chrome, or visa versa) you might get it to work. sometimes my phone doesn't seem to work with the reCaptcha either.

Cannot get past the robot images. They are unclear.

I just called the Equifax hotline to see if my credit card information was stolen. The first time I got a busy signal. The second time I got a lady who knew nothing, and could only parrot to go to the website. I told her I had and that my information "may have" been taken. She asked if I signed up yet for the protection. I told her my date is not until tomorrow. That was all she could do. No nuggets of information. No help. There is no way to provide feedback to Experian. This whole thing reeks of incompetence. I don't use Experian. How did my info exist there to be taken anyway?

One easy way to add security to the very vulnerable SSN system is to add 2-factor authentication such as phone (call or text response to confirm) for any changes, updates, queries, etc. We should have laws to protect us with such enforcement.

Your computer has viruses? It's not Microsoft's fault for having such a bad operating system. It's your fault for not having anti-virus.

Your medical bills are too high? It's not the healthcare industry's fault that their prices for care are too high. It's your fault for not having insurance to cover it.

Your identity got hacked? It's not the credit bureau's fault for being hacked. It's your fault for not buying identity theft protection.

COME ON! Let's put the responsibility here on the big companies, and fix the problems where they start, rather than trying to fix everything with insurance! This is ridiculous!!!!

do employers who give employees data to "the work number" have to report this cyber hack? This is more than credit report information, it is payroll information

I entered "Equifax" as last name with 123456 as last 6 digits of SSN in the "potential impact" and the result was ...YES with invitation to sign up for credit protection blah blah.
Out of fun I tried BINLADEN and it also gave you the same result.
Equifax is on really top of the problem!!

Everyone here has 2 Senators and a Congressman.
I suggest we quit dealing with Equifax, and instead write our 3 representatives in Washington, the FTC, and Attorney General Jeff Sessions (5 letters in total) and request that they require Equifax to provide credit monitoring and fraud alert for free for every "customer" affected by this malfeasance.

Continue wouldn'let me go

How about this? I enter my name and 6 numbers, tell them I'm not a robot, submit and then my virus program stops transmission and says that "This site may have caused damage to your computer"...

Can we trust this process on this page? I don't think so. I don't know how we can even trust our credit history into the future with the other two reporting agencies! This whole entire system of credit reporting is compromised. How in the world do we go forward in trusting credit information from any of them? It seems we are at the crossroads of an impending overhaul. Perhaps I should start keeping my money under a mattress and disregard giving any agency the authority to tell me how worthy I am of anything!!! The greed of those execs! Totally disgusted.

this is NOT a good situation!! You work hard for years and years to have excellent credit and it can be ruined with this breach!!
I agree vehemently that Equifax should do something.... and the FTC should police it....

Don't bother calling the number either. Total waste of time. The lady just directed me back to the website that was not working.

Please notice the http address at the top of the page where you check to see if you are impacted... it is a http address for checking to see if you are eligible for their ID service. They didn't even bother to change the http address to something like 'http:// determine impactstatus. com' . They just rerouted all of America to their service knowing you'll be screwed in a year if you don't pay to renew.

Probably hacked by a credit monitoring service just to convince you to pay their ridiculous monthly monitoring fee.....

What happens after a year? I mean, it's widely known they're only covering you for a year so all those persons with your information just have to wait for that period of time to pass. And then what? We're liable to pay because Equifax messed up? Will there be further protections provided after that time?

I just attempted to place a fraud alert with Equifax and couldn't. I followed all the prompts in the automated system, and when I was all finished, the system told me to notify them by mail. They said to include a copy of my social security card, a copy of a bill showing my address and to enlarge any items with small print. The list of items required was lengthy. Clearly, they did not want to place the alert.

When signing up for their protection, they want your social security number. I don't like giving that out, especially over the internet. That isn't safe either is it?

Seems odd to me they want you to enter all your personal info to register for their free monitoring. You'd think they have that on file. Lord knows the hackers have it on file.

Or maybe I'm just DaZeD aNd CoNfUzEd?

This is BS. I entered smith 224567 and it said I may have been compromised. Try it. On the 3rd false name I got "may have" been compromised. I tried it again later with the same name and number and it said I was not compromised. BS

I have not bothered trying to go to the Equifax site knowing any response would be crap. It seems to me the only solution is to force our representatives to do what is necessary. The only real way to "force" them is by our vote. We need to let them know that we will not stand for their usual "FAVOR" big business or the usual "DO NOTHING".
I have read numerous good ideas and we do need to either call our Congressmen and Senators or email them with our expectations.
The first thing I think should be done is for Equifax to notify each individual affected and tell them exactly what was stolen.
Next, Equifax should pay to have credit monitoring from the other two agencies and their site for free. They should be required to pay for a credit freeze/remove as requested, and /or placing a Fraud Alert on an account if requested. Of course , these provisions would be for life as the data can't be changed. They should be made to pay "ALL" costs associated with any fraudulent use of the information stolen and what ever is needed to clean up that use.
To me, those items would be a good start and when you contact your "Reps" please mention those item along with what ever else you feel should be stated.
We all know Republicans favor "Big Business" over us peons, but the Democrats are not that far behind which makes punishment unlikely. However, with the number of people involved in this "BREACH" and the "TRUST" we put in the Government to protect us in matters like this, if we stick together in the warning of the power of the "VOTE", we become a very, very "BIG Business".
I think there are a few things that would be a good start, like a fine of hundreds of dollars for each day Equifax failed to notify each individual that their information was stolen and exactly what that information was. So say $500.00 for 21\2 months and over half the US population--My mind boggled! That should put the Gov't in the black.{It will help anyway}.
Have whichever Gov't Agency[S] apply and give them real power to enforce and fine and then have the agency"{S} oversee the rebuilding the security at Equifax and having said agency hire hackers to ensure the system is as safe as it can bee. All of that paid for by Equifax, including the wages of any Gov't personnel and hackers hired by the gov't.
They should be closely monitored by the appropriate agency for as long as it takes for said agency to trust Equifax to follow the rules and guidelines set forth by the agency. Then continued "UNANNOUNCED" spot checks with the ability to levy huge fines for dropping the ball when the overseers left.
OK, this is long enough, but you get the heart of the matter. Sticking together in our desire to see some real punishment and huge fines for the sloppy guarding of our information that was taken and used without our permission in the first place. Also that it should be the responsibility of the people that lost that information to now step up and take responsibility and instead of trying to make money from us for their errors, they need to be providing what protection is available for free.

was my data breached


Leave a Comment