The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




Generally, not always, GOP cares about the "rights" of the wealthy & corporations, not anyone else.

Even so, if everyone who's upset about this hammered on their member of Congress (in the Senate and House) for the next 6 months, say one call or e-mail/week, invite friends and family to participate, use twitter, whatever other social media you use to keep talking about this issue) then there might be some action.

otherwise, as already said, it's just business as usual in the US. The FTC can't do anything if it has no legislation or regulations that AUTHORIZE to act. Same w/HIPAA, the legislation itself contains almost no penalties for violating HIPAA. Unless a state has statutes regarding monetary or other penalities for violating privacy, or disclosure of confidential documents/information that includes health care providers, there is nothing in place. For example, there is NO federal legislation that enables an individual to sue any entity that does what Equifax, and Anthem, and TJ Maxx, and and and have done AND that if the individual proves he/she suffered losses/injuries, etc. requires the corporation or other entity to PAY that individual's attorney fees and costs. Also known as a fee-shifting provision. That would make it possible for many people who cannot afford to sue, to do so, if they suffered a loss due to identity theft, etc. That would be one way to "enforce" privacy legislation or laws.
Instead, there is no agency that can actually impose hefty fines, etc. I think some of the state AG's offices may end up suing, i.e,. class actions. That takes a long time, the usual result seems to be a money settlement with the corporation admitting no wrongdoing. And no requirement that the corporation undergo inspection (i.e., hackers trying to hack into their system) to demonstrate that the corporation or other entity has improved its security.

But nothing to stop people from telling their Congresspeople, over and over and over and over again, demonstrating, etc. that that's the kind of legislation they want. And campaigning against their Congressperson at the next election for NOT doing it, since few will.

"Come on Republicans-you are our protectors! "

LOL. Republican lawmakers only care about their own bank accounts. If you want regulation or oversight Democrats are your friends.

Should read "lawmakers only care about their own bank accounts", but nice try.

Both parties are bought and paid for

uhm, neither of them care, unless it furthers their interests.

The incentives for lawyers to file class action lawsuits are so huge that Equifax will receive plenty of grief. No need to involve the government with everything. You really think the government is more competent or trustworthy?

Breach happened May - July. Why didn't we know in August, timing is everything,and what better time then when everyone is down with hurricanes, flooding and fires - hmmm?

Re: credit freeze:
if these companies want 5-10 bucks for freezing my info that they have collected about me over the years, then I would send them directly to Equifax for collection of said "freezing fees", as it is truly not my fault that I am in this predicament, and of course, if there are resulting damages caused by this breach of security, then I'll definitely sue the heck out of this company.

I also agree with some previous posts regarding enrolling in "TrustedID Premier": why would I trust in a company which has just proven their lack of trustworthiness?

Transunion will do a security freeze at no charge (over the phone anyway). I've been meaning to do this for some time and this mess with Equifax just pushed me to do it quicker.

Transunion told me 19.99.a month.

Cost of freeze depends on your state laws.

What if you have already signed up with"trustedidpremier" what can you do?

I am with you 100%, Mike, on your statement that all three entities should have immediately frozen ALL accounts immediately!! It's OUTRAGEOUS that we citizens should have to PAY to freeze our accounts, never mind that as of 9-13-17, one cannot gain access to the freeze request at any of the three sites...Now I believe everyone should have to OPT IN to these credit bureaus instead of automatically being opted in, and having absolutely no means of REMOVING one's data entirely (then selectively granting/providing access as one chooses)!

Please - good info is needed. The first time you freeze your credit in a "security freeze" it is free of charge. Subsequent unfreezes and freezes carry a charge. But, if a person doesn't plan to use credit in the future, i.e., borrow money to buy a house, car, etc., then why not freeze your credit? The credit agencies won't make money off selling your info to any company asking for it - so that's a good thing. No new accounts will be allowed to open with your info - that's a good thing too. Collection agencies can't damage your frozen credit either - so that's good. All the credit you have, like your current credit cards and mortgage and other loans will not be affected and you'll go on like nothing ever happened. So that's why I did it and I'm very happy about it. These nimrods that sell your info and all the credit scammers don't like this at all. That's great. For instructions about doing what I did, google credit freeze and search for the simple instructions to ease your mind a great deal in the future. Take control.
That's a good thing too.

Kevin - It isn't always free to put a credit freeze on your credit report. If you're a victim of identity theft and provide the documents to prove the theft to the credit reporting, the freeze will be free.

If your information has been lost or exposed in a data breach, you can choose to place a freeze. A credit freeze makes it harder for someone to open a new account in your name, but won’t stop a thief from making charges to your existing accounts.

Yes they can make charged to your card account, when I spoke with one card company the have 24/7 monitoring, alerts for put of country attempts, limit on atm. I did a small 500.00 alert, you get the notice, if it is you, you don't need to reply. If it's not you, tes pond to the alert. They can scan your social for all activity.

Yes they can make charged to your card account, when I spoke with one card company the have 24/7 monitoring, alerts for put of country attempts, limit on atm. I did a small 500.00 alert, you get the notice, if it is you, you don't need to reply. If it's not you, tes pond to the alert. They can scan your social for all activity.

Actually, Equifax is waiving fees for placing a credit freeze on your credit report. I did have to pay $10 to Transunion and Experian (allowable in Michigan), but I did not have to pay anything to Equifax.

Check your local state laws. In Indiana they cannot charge you for a credit freeze or temporarily lifting the freeze or any other activity with the credit freeze. Check your state laws. It didn't matter because online you get a 500 error with them.

That was an eloquent way to state exactly what I thought when I saw that pop up...

....or it's a legitimate data breach and you're just reading into it too much. All companies have offered identity theft protection after such breaches. This will not be the last data breach so just roll with it. Get the data monitoring service, continue, check your free credit reports from all 3 services on a rotating quarterly basis, and make sure you've activated alerts for existing account changes. When I entered my information it said I was compromised, no equivocation.

I agree, but I did have that thought about the money they will make for their Identity monitoring services. You are correct, several years ago when there was a huge data breach at the Federal Governments archives, my personal data was compromised and the federal government provided two years of identity monitoring. It might just change the way they use and store this type of data, hopefully sooner rather than later for Transunion, Experian, and Equifax

The problem is your information is still going to be out there after their free 'monitoring'. Nothing can undo this. We can only hope we don't get unlucky.

This is a catastrophic breach of information. The sheer magnitude of people affected and the scope of information: SSN, DOB, addresses, drivers licenses, some credit cards, and any other data that they collect. This is not a Target or yahoo breach. It is an issue of national security and NSA is also involved. Consider password resets at nuclear power plants. How do you determine the true identify of people. I froze my credit at the 4 bureaus and will unlock temporarily, if needed. This is not just another breach and "roll with it".

I would like to get the identity theft protection. My problem is I am poor living with epilepsy. I have a decent income with SSI for the rest of my life. I have great credit cards using them like a prepay card. Have not paid interest on one in 28 years. I am in the process of a refinance on my house. I am limited to what I will spend. then about a week ago I had a call. It was a scam. The man asked to speak to __ That was me I just listened to what he was saying. He asked __/___/___ is this your birthday. I stayed quite He then asked ___-__-____ is this your ssi # I said you called the wrong # and hung up. Where did he get this info from?

Identity Services Provider
The U.S. Social Security Administration uses an external data source, or what we refer to as an “Identity Services Provider,” to help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information. Equifax is the Identity Services Provider that provides identity verification services to the Social Security Administration. For more information, please visit www. Equifax. com, (Disclaimer).

So....the SSA uses Equifax as it's designated Identity Services Provider?? Well, that's just great for all of us retirees or soon to be retirees! The thieves really did their homework well apparently! Every time you use the SSA's online services they may launch what the SSA calls a "soft inquiry" to Equifax. That's just great!

I spoke to SSA last week and they told me Experian is the one they use. This is after I could not register my wife with a web portal to SSA. SSA could not verify my wifes info therefore no registration. Key point is not who but the fact that freezing all credit bureau stops anyone registering on line with the SSA. Don't forget there are 4 bureaus including Innovis.

Clear, precise and precisely the issue and the result! The incompetence of Equifax and the FTC in this matter is mind blowing!

Mine came up as a no. I had not been breached

You are right on the money. There was something very fishy about this whole thing from the beginning. The "breach" is very similar to the Target breach and other breaches that have taken place over a period of time, yet no one seemed too alarmed by those breaches. Now, a breach of Equfax (the name, note the name) and everyone loses their mind. Could it also be an experiment to see which company names that are used in a "breach" invoke the most responae from the public. Lastly, who are the hackers? Could they not be from the very corporate USA?

If our information is floating around now, how will they recover it? I assume that information, my personal data, has been copied and sold over and over between May and now. How do we get compensated for their failure? My credit may not be affected now but who will protect me in the coming days?

Or years

With regard to a hoax re: the Equifax breach, I've considered that possibility and am unwilling to say yes or no for sure. However, when it said "maybe" for both my SS # and my mom's SS #, on a suspicion I entered my dad's SS number, as well as a different person's name with a SS number I made up, and in both cases it said "not breached." The suspicion is widespread but I'm not sure it can be proven either way. The one thing I'm sure of is that 143 million is a lot of persons, and IF that much data was compromised, a lot of people are going to get a "may" have.

Finally someone who has both common sense and knows the truth.

Let's face it. Not a single entity, no government, and no corporation can be trusted. Corruption, incompetence, and arrogance are all entrenched in the very fabric of this country. There is no such thing as privacy and it isn't a matter of who but of when you will personally pay for it, if you haven't already.

I entered my grandson's info & it's states that his information was not affected. This makes sense because he has no credit history. He's well under the age of 18.

Very informative. Thank you

Credit monitoring is a joke. I paid for a year a while back and I went on a shopping spree and ended opening up two department store cards. I never once got a notification these two lines of credit were open... I totally forgot about the credit monitoring service till my daughter asked me about it. Take your money for nothing!

HELLO? Who do you all think did the hacking? The same companies that are now going to make millions, supposedly monitoring your credit for you!!! DUHHH! It's the scammer's best scam ever and millions are going to fall for it! You'll provide information to sign up so the hackers will have even more amo to use.

WHAT IS that the FTC, the federal government, sends you right back to Equifax to check your identity breach, which, as you pointed out, is bogus. Why are we not checking our identity breach at a government website like the IRS. There is a bunch of insider crime going on both at Equifax and the government if you ask me. My bank website directed me to the FTC to check a breach and the FTC directs you to Equifax. This is very, very scary!

I have said and written this myself. It is a scam to make the rich richer the poor with less. Now what do we do. They can pay off my house,car,all loans, anything affected. then freeze all my info until I am dead. (Please do not try to kill me for this thought) Then give us each a large sum of cash. Something to pay for our time involved in fixing the problem they created. I will set up my freeze and never open another account. They are rich and have the money. So do what is right to help all. I have many more thoughts and ideas. My best one. I ask the rich to step down bring the poor up. Not in a capitalist way ant not in a communist way but in an equal way. We don't need money we need humans working together as a team. as no one human is perfect and any human can do something better than another and any human offering to do something for the benefit of society deserves the same as another.We do not need Rich and Poor. We need equal. Once again to those at the top. Please do not kill me for my thoughts

I suspect a hoax. If you put a random name in the Security 2017 Potential Impact checker, it always says you may be impacted and asks you to enroll in TrustedID. I tried with 3 different random names and got it every time.

Agreed did the same thing

When I checked my son's on his behalf he was not affected, which doesn't surprise me as he doesn't really have much if any of a credit history. I was though and don't believe it is a hoax...

I concur. I have an established credit history and I put in both my maiden and married names. I was informed I was not impacted so this is not a hoax. I still plan to monitor my accounts, but not through Equifax.

I did the same. I put a random name and random six digits.

Complete hoax. Just tried a few times, made up a name and put in "111111" into the SSN checker and got the same canned message each time.

So we may not have had our ID stolen. I'm in the same boat. I just requested my credit report from the 3 agencies to see if there is anything incorrect. If so, I'll put a freeze on my accounts & then raise hell with Equifax.

and how will you raise hell with Equifax? Please share as I will join you. But I seriously doubt the common people can effect them in any way whatsoever. To them we are like gnats. They have been brushing us and our attorneys off for years

If everyone froze their credit at Equifax it may cripple their business. Way less requests for credit checks should hurt them.

Bottom line... can't trust any aspect of Equifax's software, cyber security, services, management or standards; they appear to put profit before protecting consumer data. And, only way to impact them financially is for their direct Users (creditors, rental agencies, employers, etc) to stop using Equifax to report and inquire consumer data.


Leave a Comment

Comment Policy