The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




People!!! If this was a hoax equifax would of said it was a hoax and all the news channels would of told you is a hoax... period!

You can enter any name and made up partial SSN and get the same response 'you may have been impacted' I doubt they actually know whose data was stolen.

How is it possible that this security breach occurs in the spring/summer 2017 timeframe, one has to assume that the federal government is aware of, three Equifax executives are "allowed" to sell 1.8 million worth of stock, and the consumers that are paying all the bills get a one-year protection plan for something that is going to affect the rest of their lives?

My mother just got a call yesterday from someone saying they were calling from Equifax and one of credit cards was compromised and needed some info. From her and to notify her?!? This didn't sound right to me. Hadn't heard they were actually calling anyone!!?? To make matters worse the card is from a bank in FL. That us still closed down! Then when call the no. Back as I told her to verify it just goes to a non-disrupt vm! Help

That sounds like a scam.

If you get an unexpected call from your bank or credit card, don't give any information. Hang up. Then look up the number, or use the number from your statement or credit card, and call back. Ask if the bank or credit card company really called you.

Tried to use the Transunion website to place a fraud alert, another "error" occurred after I'd completed the application, so that didn't work. I tried calling the number provided (on the site) it required me to already have a PIN to "access my file". Which of course I didn't have. The Experian page for requesting a credit freeze also isn't working. I may have--finally--been able to place a fraud alert via Transunion's automated telephone service, but since I wasn't told I'd get any kind of paper confirmation, who knows? It'll be my word against theirs if the fraud alert isn't placed and/or TU doesn't notify Experian and Equifax as required. However I did have to listen to a couple of minute on why I should sign up for a 30 day free trial of a Transunion credit monitoring system, cancel "for free" within the 30 days, then $19.95/month forever and ever. SUCH an incredible deal. I declined despite the hard sell.

Wouldn't it be something if Congress or all the states actually cared about the majority of their residents and so acted to protect their interests rather then those of large corporations. I guess it's good to have dreams.

Just found out I have to PAY at least $!0.00 each to have to a CREDIT FREEZE applied to my file??? ARE YOU KIDDING ME??? Doing all this because of their SCREW UP and now I HAVE TO PAY TO PROTECT MYSELF????

Chumley, in most states it's free if there's a police report filed. However, I can't tell if Equifax actually filed a police report for this data breach. I would expect it to be filed in Atlanta where they're based. If they did and we could get it would be at no charge to us.

Want to know if I've been breeched

what NOT to do after a security breach? Rely on EXPERIAN to put a SECURITY FREEZE ($10) on your credit report. This is different than the FRAUD ALERT (FREE) I requested two security freezes through the EXPERIAN website using the process they make you use. EXPERIAN processed my payment then provides a message 'WE ARE UNABLE TO HONOR YOUR REQUEST BECAUSE YOU DID NOT PROVIDE THE INFORMATION NEEDED' but you PROCESSED MY PAYMENT which I now have to dispute. THANKS a lot. This is a joke. This is what FTC.GOV and any theft identity site recommends you do. Just visit any one of the 3 credit bureaus to request the security freeze. Really? So use the one that was HACKED. Or use the one that takes your money and does not provide the freeze.

goog luck getting that money back. took me months to fix my credit after equifax sbroke it with a debt that was not mine. and wall street millionaires is in charge of the government now, doubt any of them know anything about cyber security. i have transunion monitoring because ibm 'lost' my info years ago. transunion has a 'lock' feature that you can turn on, and turn off temporarily while you apply for a loan. no one can process a loan when it's on. of course that doesn't stop someone from using your credit card or filing you tax return.

I tried to get into to see if my information was impacted. I had to prove over and over I was NOT A ROBOT, but it never worked. THIS IS A TOTAL SCAM.

the robot thing can be frustrating. it night be something to do with the browser you are using. if you can try a different browser (like firefox instead of chrome, or visa versa) you might get it to work. sometimes my phone doesn't seem to work with the reCaptcha either.

Cannot get past the robot images. They are unclear.

I just called the Equifax hotline to see if my credit card information was stolen. The first time I got a busy signal. The second time I got a lady who knew nothing, and could only parrot to go to the website. I told her I had and that my information "may have" been taken. She asked if I signed up yet for the protection. I told her my date is not until tomorrow. That was all she could do. No nuggets of information. No help. There is no way to provide feedback to Experian. This whole thing reeks of incompetence. I don't use Experian. How did my info exist there to be taken anyway?

One easy way to add security to the very vulnerable SSN system is to add 2-factor authentication such as phone (call or text response to confirm) for any changes, updates, queries, etc. We should have laws to protect us with such enforcement.

Your computer has viruses? It's not Microsoft's fault for having such a bad operating system. It's your fault for not having anti-virus.

Your medical bills are too high? It's not the healthcare industry's fault that their prices for care are too high. It's your fault for not having insurance to cover it.

Your identity got hacked? It's not the credit bureau's fault for being hacked. It's your fault for not buying identity theft protection.

COME ON! Let's put the responsibility here on the big companies, and fix the problems where they start, rather than trying to fix everything with insurance! This is ridiculous!!!!

do employers who give employees data to "the work number" have to report this cyber hack? This is more than credit report information, it is payroll information

I entered "Equifax" as last name with 123456 as last 6 digits of SSN in the "potential impact" and the result was ...YES with invitation to sign up for credit protection blah blah.
Out of fun I tried BINLADEN and it also gave you the same result.
Equifax is on really top of the problem!!

Everyone here has 2 Senators and a Congressman.
I suggest we quit dealing with Equifax, and instead write our 3 representatives in Washington, the FTC, and Attorney General Jeff Sessions (5 letters in total) and request that they require Equifax to provide credit monitoring and fraud alert for free for every "customer" affected by this malfeasance.

Continue wouldn'let me go

How about this? I enter my name and 6 numbers, tell them I'm not a robot, submit and then my virus program stops transmission and says that "This site may have caused damage to your computer"...

Can we trust this process on this page? I don't think so. I don't know how we can even trust our credit history into the future with the other two reporting agencies! This whole entire system of credit reporting is compromised. How in the world do we go forward in trusting credit information from any of them? It seems we are at the crossroads of an impending overhaul. Perhaps I should start keeping my money under a mattress and disregard giving any agency the authority to tell me how worthy I am of anything!!! The greed of those execs! Totally disgusted.

this is NOT a good situation!! You work hard for years and years to have excellent credit and it can be ruined with this breach!!
I agree vehemently that Equifax should do something.... and the FTC should police it....

Don't bother calling the number either. Total waste of time. The lady just directed me back to the website that was not working.

Please notice the http address at the top of the page where you check to see if you are impacted... it is a http address for checking to see if you are eligible for their ID service. They didn't even bother to change the http address to something like 'http:// determine impactstatus. com' . They just rerouted all of America to their service knowing you'll be screwed in a year if you don't pay to renew.

Probably hacked by a credit monitoring service just to convince you to pay their ridiculous monthly monitoring fee.....

What happens after a year? I mean, it's widely known they're only covering you for a year so all those persons with your information just have to wait for that period of time to pass. And then what? We're liable to pay because Equifax messed up? Will there be further protections provided after that time?

I just attempted to place a fraud alert with Equifax and couldn't. I followed all the prompts in the automated system, and when I was all finished, the system told me to notify them by mail. They said to include a copy of my social security card, a copy of a bill showing my address and to enlarge any items with small print. The list of items required was lengthy. Clearly, they did not want to place the alert.

When signing up for their protection, they want your social security number. I don't like giving that out, especially over the internet. That isn't safe either is it?

Seems odd to me they want you to enter all your personal info to register for their free monitoring. You'd think they have that on file. Lord knows the hackers have it on file.

Or maybe I'm just DaZeD aNd CoNfUzEd?

This is BS. I entered smith 224567 and it said I may have been compromised. Try it. On the 3rd false name I got "may have" been compromised. I tried it again later with the same name and number and it said I was not compromised. BS

I have not bothered trying to go to the Equifax site knowing any response would be crap. It seems to me the only solution is to force our representatives to do what is necessary. The only real way to "force" them is by our vote. We need to let them know that we will not stand for their usual "FAVOR" big business or the usual "DO NOTHING".
I have read numerous good ideas and we do need to either call our Congressmen and Senators or email them with our expectations.
The first thing I think should be done is for Equifax to notify each individual affected and tell them exactly what was stolen.
Next, Equifax should pay to have credit monitoring from the other two agencies and their site for free. They should be required to pay for a credit freeze/remove as requested, and /or placing a Fraud Alert on an account if requested. Of course , these provisions would be for life as the data can't be changed. They should be made to pay "ALL" costs associated with any fraudulent use of the information stolen and what ever is needed to clean up that use.
To me, those items would be a good start and when you contact your "Reps" please mention those item along with what ever else you feel should be stated.
We all know Republicans favor "Big Business" over us peons, but the Democrats are not that far behind which makes punishment unlikely. However, with the number of people involved in this "BREACH" and the "TRUST" we put in the Government to protect us in matters like this, if we stick together in the warning of the power of the "VOTE", we become a very, very "BIG Business".
I think there are a few things that would be a good start, like a fine of hundreds of dollars for each day Equifax failed to notify each individual that their information was stolen and exactly what that information was. So say $500.00 for 21\2 months and over half the US population--My mind boggled! That should put the Gov't in the black.{It will help anyway}.
Have whichever Gov't Agency[S] apply and give them real power to enforce and fine and then have the agency"{S} oversee the rebuilding the security at Equifax and having said agency hire hackers to ensure the system is as safe as it can bee. All of that paid for by Equifax, including the wages of any Gov't personnel and hackers hired by the gov't.
They should be closely monitored by the appropriate agency for as long as it takes for said agency to trust Equifax to follow the rules and guidelines set forth by the agency. Then continued "UNANNOUNCED" spot checks with the ability to levy huge fines for dropping the ball when the overseers left.
OK, this is long enough, but you get the heart of the matter. Sticking together in our desire to see some real punishment and huge fines for the sloppy guarding of our information that was taken and used without our permission in the first place. Also that it should be the responsibility of the people that lost that information to now step up and take responsibility and instead of trying to make money from us for their errors, they need to be providing what protection is available for free.

was my data breached

Maybe the Russians were behind this hack.

Social Security and Medicare are in jeopardy as well and that may be the most lasting damage to the system. Dispute resolution for identity theft here may well take citizens long months or years.

Note: even SSA and Medicare refer to us on their sites as "consumers" in the same manner as Equifax referring to us as "customers". We are not either! We are citizens, supposedly, and better fight to regain that formerly honorable status.

The Credit Bureaus are criminal enterprises that should be shut down immediately. I tried to obtain my "free" credit report, and two of the three would not let me get the report guaranteed to me by law due to "system issues." I then attempted to place a freeze on my credit to protect me and my family from the criminal breech perpetrated by the negligence of Equifax. Guess what - two of the three either wanted me to send documents and information in writing (delaying the freeze by days to weeks), or their systems were "unavailable." On top of that, there is no way to actually reach a human for assistance. That is absolutely criminal, considering how much sensitive data they have about Americans, and how exposed many of us are right now. We need to shut them down.

The "Potential Impact" tab that Equifax has on their site is a joke. Enter any made up last name and any 6 numbers and it will always say the same thing "Based on the information provided, we believe that your personal information was not impacted by this incident."

My credit has been frozen for years. Did these hackers also retrieve the information needed such as password, pin, user name that I have to use to lift the freeze temporarily?

Click on the “Potential Impact” tab. Where is the tab?

i already have transunions monitoring because IBM 'lost'files with my personal data. Equifax was the one that let a bill collector put a bad debt on my report when all he had in common with me was the the name 'smith', different ssn, different address, different first and middle names. just smith, and they ruined my credit for months. cyber security is important, but the federal government isn't doing much becuase admitting there is cyber security problems is apparently admitting russia helped trump win. i guess on the good side, i no longer have any money to worry about.

Equifax should not ask us to enter our personnel information to be monitored. They should monitor all accounts that are in question because it was there mistake not ours

It's time to switch what identifying information is used with so many people being compromised. I'm ready for an eye scan or something like that. Too many people being affected for years to come with social security numbers, etc.

This is a crap link. It's not accurate. They are not searching a database for your information and whether or not it was breached. I used a fake name and numbers (123456), it said the same thing as when I typed in my last name and digits. They are just trying to trap you into something.

We SHOULD be concerned that buying ID protection from the same credit agencies that can't secure our personal data is contradictory. All three have a vested interest in this issue because they will earned hundreds of millions of $$ from the monthly fees for these locking and freezing and monitoring services. Nearly all of what these packages offer we can acquire ourselves, but there's a huge convenience of having it done for us, which is what we are supposedly paying for, along with insurance for losses due to fraud. If you're looking for a personal ID security blanket, the only way to dodge the conflicts of interest shared by Equifax, Experian and Transunion and still get the convenience of a one-stop service provider is to go third party. It's no coincidence that Symantec (SYMC, owner of Lifelock) is up 13+% since 9/5.

I checked Equifax site & was told I may have been impacted. Tried to enroll in the Trusteer but never got email with link. I also tried putting a credit freeze only account but got a msg that they were unable to service request. Try agto the large volume of customers.
I called their Call Center and was told to wait an hr to get the email due
to large volume.


Equifax should be forced to close up shop. My husband and I have had credit freezes for at all 3 credit reporting agencies for approx 3 years. We were involved in the Target breach and a Blue Cross breach and now this Equifax breach pops up. The credit freezes get expensive if you live in a state that allows the "Big 3" to charge you for signing up for the credit freeze. You are charged individually (not by household) at each agency. Then you must pay individually
To remove the freezes each time you are attempting to finance something. Each agency assigns you a password that you must use each time you visit their website and attempt to access your information. Beware the consequences if you lose your password or it just simply will not work. Two years ago we were buying a small tractor. My husband's Equifax password would not work. He had to send a letter requesting a new password with copies of his drivers license, Social Security card, and 2 pieces of mail with his name and address on it (credit card bill, utility bill). We even included a copy of his passport. He received a letter denying his request stating the request was done incorrectly. We went through the process again and received a letter stating they had no record of us living at the address we provided-10 years at the address at that time and everything that was sent to them had the address on it. We had bought a couple of vehicles since moving there, so there is no way Equifax did not have information that we lived there unless they had not updated our files in over 10 years He never received a new password. I bought the tractor. Equifax is incompetent and should no longer be permitted to operate. If everyone would band together and make a commitment to call the Congressional switchboard once a day indefinitely to demand that Congress take action on the issue of these data breaches and impose stiff penalties it will work. If people will start calling and asking other people to call it will overwhelm the system . The number is toll free , so call and leave messages for your senator and ongressman/woman demanding the gov take action on this issue. Start this grassroots movement and watch it grow. This issue is important to all of us.

FYI to other people contemplating a credit freeze. Today after submitting the form on Transunion's website for $10 which worked; I tried placing one on Experian's site (even though $11.01 while WA's legal fee supposed to be $10 max). Experian would not process my freeze requet even though I just done my annual free report through them about aweek before Equifax disclosure.

Rejection said I have to mail a copy of my DL, utility bill, and SS# so of course will use certified which costs about $8 and means standing in line. Then have to hope mail not lost/stolen.

I tried calling; after 45 minute wait she transferred me; gave up after hour total. Then called state of WA's department regulating finance... waste of time too.

This can be fixed by immediately making it mandatory that anyone wanting to issue credit must receive written permission by the individual by writing to the address of record supplied by the credit gathering entity. Mail will be forwarded by post office if person has moved. Doing otherwise would be a cause for a law suit.


Leave a Comment

Comment Policy