The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




I agree, they are very likely the safest now.. A data breach can happen to the best of them, even those crossing their T's and dotting their I's in regards to security.

Wrong. Don't give your information to a company a second time that just had a breach of millions of records. You think a company this big can plug holes that quickly and competently? Plus that site is not even on the domain.

Unfortunately that's not an option. Any credit lender, bank, utility company that pulls credit, also provides your information to the three credit bureaus. What sucks most about this breach is you don't have any control over them having your info. Unless you stash cash in your mattress and live under a rock, adulting requires you to have a credit report with them.

Well, they DO already have all of your personal information. So what's the harm in giving it to them again? That ship sailed already.

Exactly! I went back to sign up on the specified date and was asked for my full SS number along with other critical info. Why on Earth would I give them that after that they've done!!!!!!!

You are also giving them your info on another website entirely. Not their original website. Who knows if their new, quick set up website is even as secure as their main one? I read an article about some bigwig at Equifax who actually posted a spoof site of where you go to check for the breach-just to teach Equifax how easy it is for Hackers to spoof/breach their website. He made & tweeted the site "securityequifax2017 .com" instead of equifaxsecurity2017. com, and said he got over 20,000 hits of people going to the wrong page.

On their website it indicates that signing up does not bar legal action. That language was removed from the agreement for this incident only. I had read articles about that and hesitating signing up, but apparently consumer backlash forced removal of the arbitration language. Hope this helps


that's not true anymore - they changed it.

I was told the part saying you can't sue was taken out of the fine print when I called. But when I asked what do I do about the charges that already happened because of this breach I got I Dont Know!

I heard this on the news too

They changed that.

Don't enroll in Equifax. Why on earth would anyone enroll in their credit monitoring program when it was their data that was hacked in the first place. Pay for a reputable Identity Protection insurance service. That is the best way to add some protection. Don't trust the credit reporting agencies to protect your data.

Some lawyers have got them to change the wording so you can now. As soon an possible I will be joining a class action lawsuit ASAP. This was negligent and beyond irresponsible

So you can't sue them if you were impacted by the breach and subsequently had ID theft? Does this go into effect if you have them freeze your credit?

How many million could sue? Enjoy your $20 bucks!

I was thinking the same thing. With the amount of breaches and people wanting to sue, we'd be LUCKY to get even $20 bucks.

No ,you will not have to opt out of class action lawsuits

The attorney general of Arkansas said that's no longer true. You can sue.

You are absolutely correct, liars!

I wouldn't register with them as they are offering the service free for year 1 and from year 2 onwards there is a monthly fee of $19.95 as per information I received. It is important that we know that if we take their free service, we wouldn't be able to join any Class Action suite against them. Also worth to note that the hackers may not use the data say on immediate basis with the intent that is a common perception.

I understand that they dropped the clause about waiving the right to future suits.

Correct. They dropped that clause and their website clarifies this now.

Took me awhile too. Interesting thing-I registered myself and then hours later did my husband. He was given a date two days before mine. Not sure how they come up with the date.

Am I In the Equifax Data Breach, plus date of enrollment

How do I get back to that page to enroll?

To find out if your information was exposed you can go to Equifax’s website, This link takes you away from our site. is not controlled by the FTC.

I am not seeing a date. Can you explain where to look for that? I am not seeing any change on the screen at all.

I signed in , was shown to be affected and continue to enroll. Was not given an enrollment date - just straight to sign up. Have they caught up enough to handle current traffic?

There's no date...just a white screen.

I ran into that as well. Not sure if it's timing but I switched from FF to Chrome and it worked.

Do you all really want liars to monitor your credit?

Has my account been hacked

did that but the address it said to log into isn't working. Was it faq. trustedidpremier. com?

To find out if your information was exposed you can go to Equifax’s website, This link takes you away from our site. is not controlled by the FTC.

Nothing happens for me when I enter last name & partial SS#, as well. Nothing else appears on that page.

I've been waiting a week for the promised email; not much confidence in Equifax...

I went through the whole process of signing up and it said I would get an email to complete the process. I just got an email today that made me go through the first process all over again. Now I'm afraid the 2nd time was a hacker. I don't know why I would have to enter everything all over again.

Did not receive an enrollment date which is supposed to arrive by email. Equifax says they're swamped and they have no idea when an enrollment date will be issued. According to Wendell, the email most likely will appear in your spam or junk folder.

By change do you know if you can enroll after the date they give you? I just tried to enroll and the instructions say that I will received an email from them. That has never happened and to contact someone is nearly impossible. Any suggestions?

Sam is correct. I have notified my credit union of this goof by Equifax.

You have to make sure all the required fields are filled out, and have a green checkmark, or it won't let you continue.

These sites always reject my email address. So tired of this I know my email address. They are asking for info then reject what you enter.

same thing here and all day unable to contnue

when you sign into Equifaxes website you are waiving your right to sue them in the event of a class action lawsuit against their disgusting gross negligence of IT Security.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Are answers on a FAQ website page sufficient to override a binding agreement, when that specifically states it constitutes the agreement in full?

First off, let's be clear ... the FTC and other agencies had a responsibility to insure that companies with access to our information were using due diligence in protecting that data. Equifax did not take such measures and their negligence led to this fiasco. FTC, long asleep on the issue of security, cannot wave their collective hands and say it was not in part their responsibility. But, they will do just that.

Secondly, this is beyond a yearly concern. This is your data, your personal data, and if a hacker has it then they will have it forever. There's a lot of heat now on this, but all the hacker has to do is wait a year and then start using and selling the information. You cannot change your information... name, social security information, birthday and so on.

Third, it is not only credit history that is imperiled. Your whole identity is up for grabs, including things such as medical ID fraud, tax fraud, and even someone becoming you by using your identity.

Fourth, Equifax is a fraud and here's why. Go to the site listed above and try to verify that your history has been affected. It might say that it "may" have been affected. The operative word is "may" Does that satisfy or were you expecting a direct, unequivocal yes or no answer. Now type in a last name, any last name will do, and any series of 6 numbers. Look at what they return ... the site might say that you may have been affected or it may say that you were not affected. Now remember, there is no such person as the one you just entered with the random numbers you chose. So, the information returned is bogus dross and tells you nothing including if the return generated from your valid information is correct. But, it just might drive you to panic and sign up with their wing-ding-bee’s knees credit protection scheme.

Lastly, Equifax has not stated what was released; if your information was released at all. To wit from their site, "The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." Again, please focus on the legalese and wishy-washy terminology. The operative word in the sentence is "primarily" which Easy Law defines in legal terms as, "In a primary manner; in the first place; in the first place; in the first intention; originally." Another words, it mostly is what follows, but the list of impacts shown might only be a partial listing. If the company was really serious about keeping you informed they would state, "The information released included ONLY the following ..." Period. Full stop! Not primarily!

Equifax will monetize this fiasco by getting folks on board their credit protection schemes and then, at the end of the year, will beseech them to continue for $xx.xx per month - because, of course, the threat is still out there. And, when millions out of justified fear sign up to pay then they will profit handsomely. Scam come to mind? What a game it is!

all very valid points, additionally I would imagine all three credit reporting companies have the same data AND with such a massive leak of information (70% of all american over 18 years of age) the other services may as well close shop, they were in control of protected information that is no longer protected...

very well put. Everyone's blood should be boiling about this, but the hurricane took this story off the front page much to Equifax's relief no doubt.

To put a credit freeze on, you must provide each of the three credit info aggregators, 5 -10 dollars each. Do the math, if only 2/3s of the effected class take this preventative measure, and I believe everyone should, then this represents a .5 - 1 billion dollar windfall for the credit agencies for fixing a problem their lack of due diligence created! You break my window. I pay you 10 dollars.

They should have put credit freezes on all accounts immediately on discovering the scope of the breach, themselves, for free and then compensated all people who were effected by such freezes for their troubles. They shouldn't be doing this now for a charge! Where's our lovely Congress and FTC? Busy gutting the CFPB no doubt.
Come on Republicans-you are our protectors! Step up!

The media should stop referring the people as "customers" of the credit agencies. We are not and most of us had our information collected unwillingly and without our permission, with no oversight and no discernible warrantees of its safety. This is what de-regulation of the private sector leads to.

Come on sheeple! Rise up!


Leave a Comment

Comment Policy