You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




Equifax has lost all my credit information for the past 5 years. Their customer service reps and the managers I have spoken to have all said all my creditors need to report my information to them. I explained to them they have been, and I have proof with old credit reports. They keep telling me there is nothing they can do. This is insane. I have been trying to fix this for the last 2 weeks. This has put me in such a bad situation.

ihave been part of the data breach

No date was given for me at all. Once I clicked on the sign up button & filled out all of the info, the "Continue" button was not active and "frozen".....?

This company should not be in business anymore, period. And should take all financial responsibility for everyone who got effected by this breach.

"If you are a victim of identity theft and have created an Identity Theft Report, you may want to place an extended fraud alert or a credit freeze on your credit file". Since EQUIFAX is unable or unwilling to divulge whose information was put at risk, it would seem in the public's best interest for the FTC/Congress to mandate that the "Extended Fraud Alert" be amended to allow all consumers to put this 7 year option on their credit files. It is free and doesn't require constant fees be paid to the reporting agencies, of which ONE of them is RESPONSIBLE for this in the first place! Pls advise if this is even being considered? We should not have to continue to pay for their (Equifax, et al) negligence.

Do not sign up free for 1 year with Equifax! There’s a disclosure when you signing for free monitoring that says “you are agreeing that you will not sue us if you sign up for this free monitoring if there’s group lawsuits! Which there are in 15 states!

Ok, so what do we do for the long term?, I like how the media is avoiding mentioning anything about the permanent damage that has been done to millions of americans, once your Social Security number and other personal information is out there, you are permanently screwed, sure, everyone is always vulnerable to indentity theft, but now that half of the country's information is out there, its way easier for thiefs to get you for everything you have and ruin your life, its only a matter of time, its a lottery you don't want to win.

Why is it always blamed on the President when things don't go according to plan. The Equifax breach could possibly have been done by the government but it is still the companies responsibility to protect your information, not the President. The question here is what is going to happen to Equifax for selling stock and letting the American people down.

we don't know if we will be given the truth or not because they don't want to be liable
who can we trust

I received a mail to continue the enrollment in their protection system, but whenever I have tried to complete the enrollment, it is not possible because I get an error message:

'System Unavailable - We are unable to process your request at this time. Please try again soon.'

So I assume that will be never.

This is awful and sad that nothing is private or safe!!

If there is no privacy and we have no choice in who has access to our private information, what are we to do in the case of these security breaches that keep happening?

This blog post lists some steps you can take to protect your information. You can start by checking your credit reports.

I was told I had 3 months of free service. Not so they are charging me 19.95 a month. I cancelled it on my credit card last month and they charged me again in sept and October. Hopefully I got it stopped this time.

THE FTC SITE SAYS, "Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. "


Equifax changed the words on its site since we wrote the blog. You can click on the phrase "Am I impacted?"

Well they down right lied tome. Said I was not impacted but my AMEX card was used in Tokyo to charge over $300.00 and I've never used that card online so it had to come from them. So even tho they said NO - - THEY LIED!!!!

There is no longer a "potential impact" Tab???????

Equifax changed the words on its site since we wrote the blog. You can click on the phrase "Am I impacted?"

good stuff

i received a letter today it is a notice of data breach i was given this web site i was told that you could tell me if my information was stolen.

The recent hacks of Equifax shows how vulnerable our data and sensitive our basic information is become. Hence the the need to be more conscious.

When I check whether I am impacted, I get the following error: The Amazon CloudFront distribution is configured to block access from your country. Typical Equifax.

regardless if they corrected that egregious stealth "opt out of class action lawsuit" when using their site to check your vulnerability, Aren't they required to notify the 145M potential victims? When can we expect to receive such notification? I have found no news story claiming such notifications are due to be sent out.

Equifax made money out of our data and payments, then, this should be their problem and responsibility not ours... if our government were as firm as it is with other easy issues. Who can enforce our rights?

I didn't get any notification.I went to the website I read in the papers.equifaxsecurity2017 and entered my s.s. number and it said I had been breached

So the Equifax system is down. It tells me to call an 1-877 number. When I do this, they tell me the system is down. So is Equifax just unplugging their system and that is their reset or what??

On September 15 I was registered with Equifax as a TrustedID Premier victim and immediately requested my 3 credit bureau reports. I have followed up with Equifax several times.but to date, I have not heard back from them. I can't get through to them. The violation took place 6 months ago. I don't believe they intend to do anything. I sure hope FTC is going to get on their backs and make sure they are not only held accountable but make sure they do what little they promised tod.

well today i just got a mail from equifax informing me that i've been compromised.

a scan of my driver's license that i uploaded online on their website was accessed.

thanks for the very helpful blog post! now i know what to do to combat this.

I don't understand is that why didn't they put the link in their Equfax website which everyone would go there looking for the immediate solution. It is not right that they don't even put this matter in an urgency manner. They should also send out letters for their Maybe Impact Customers. Why the District Attorney doesn't do anything about them?

This blog post some steps you may want to take to protect your information.

At this point I don’t trust Equifax to do right by me, ESPECIALLY if it’s free,

My problem is the Equifax breach has caused my substantial harm to my FICO score. I have had 6 fraudulent attempts to get a credit card in my name. My score was 813 and now it is 760 due to these attempts. But what can I do?

You can report identity theft at You can report what happened, create a Report to law enforcement and a recovery plan. You can use the fillable forms and sample letters to tell credit reporting companies how your information was misused.

social security administration is behind it all! they hired equifax to the tune of 11 million $ to ck on people to make sure that they werent getting ssi and anything they weren't entitled to from the govt! HOW STUPID!!!! the intelligent way to do this would have been to have citizens take some sort of test and apply for a full or part time job,like with the census, be trained, and paid a decent wage, providing tons of temporary jobs to american citizens till the job was done! IT would've provided needed jobs! not to mention experience that might lead to another job later on. The minute they outsource the corruption begins! taxpayers would have a vested interest in this and where their tax $ goes, instead of a for profit company that only has an interest in their bottom line for their higher ups and shareholders!!!!!

Went to Equifax, checked for both wife and self - 'may be impacted'. Requested free ID protection for both of us. Received emails for self and wife to verify with TrustedID Premier. Did so for self, but when I entered wife's birthdate (first screen asks only for this) was told she's already registered. Several phone calls later (TrustedID Premier and Equifax) turns out that since I entered same email for each of us, and that was included in the emails to us with the link to TrustedID Premier, they can't distinguish between us. That is, a service dedicated to protecting our identities uses what is arguably the least secure, and least protected, aspect of those identities to 'identify' individual protectees.
Note that they certainly could have detected that on sign-in, and made me aware of that either immediately, or in the verification email. Instead, when I give my wife's (different_ birthdate, they indicate she's already registered. This suggests that either her identity's already been stolen, or that there's a separate 'ghost' record with the initial request data (birthdate/last four/email) but one that at least some of TrustedID Premiere's softare can't disinguish from mine because the email is the same.
Would hope someone at TrustedID Premiere, or Equifax, or FTC, would point out that this appears to be a problem, whereby my wife's data may not be monitored for possible misuse. Of course, it *could* be that her data was accepted and *is* being monitored, but since it appears at present that they can't internally distinguish between us, it's not clear how that might (or might not) be reported.

Why is trustedid requiring separate email accounts when some families share an account. Equifax does not require this for their service. Just curious.

Why do they ask for an SSN; they already have it? Everyone and their dog is warned not to give out their SSN, so why should one offer it up now? I am very conflicted about this whole everyone else.

Instead of trying to protect you, this is about selling you something. Sounds like a scam to me. Just monitor your credit report yourself. Federal law allows you to get a free copy of your credit report every 12 months from each of the credit reporting agencies: Experian, Equifax and Transunion. Since there are three of them, you can rotate your free inquiry between companies every 4 months. If you see something out of the ordinary, you file a report directly to the credit agency as well as the accounts affected. I use There are no gimmicks, but as we are all accustomed, there are pitches here and there. Good luck everyone.

Signed up for TrustedID Premier on 9/24 including supplying the most sensitive info possible. Never received email confirmation. Called back on 10/3 and was told that due to the volume, I should wait another couple of weeks... Still have not received anything from them. Called them back today and was told that all my information was 'dropped' and the I should go through the sign-up process again.

EQUIFAX SUCKS! The FTC should shut them down!

Yes, they should be accountable for LIFE. Our data should be protected at no cost to us not just a year free for some automatic software that costs nothing to run on a web server. Let me know when the class action if filed. I suspect they will get off with nothing.... Have to use this for case law, if they can get buy with this with no one being accountable why should I be responsible for any of my actions?

so you want me to go to equifax website and enter 6 numbers of my social security? are you idiots?this is why millions have their info stolen

Some informative comments above. Probably they need to set up some new PIN number system to control all the ID's stolen. They're not going to, unless they do biometrics, and that's asking for an eye ball gouging or a finger amputation by the criminals. If you get your biometrics stolen how can you change that, get new finger prints or a new eyeball? Repubs don't care to protect anybody but the very corporations that they have turned loose on us. The nature of a company, of free enterprise is to make as much money as possible in as short a time as possible. How is the FTC or any other regulatory agency going to control that when the "free market fundamentalists" insist on removing any regulation that stands in the way of their quick and tidy profits? And Trump, a billionaire, cares about working people? How is that even possible? He wouldn't know which end of a shovel is up, never worked a day in his life. Has no respect for anybody unless they've got more money than he, and then only until he can rip them off, so you can imagine what he thinks of the working people who are the backbone of any society. Since Reagan, voters have been suckered to vote against their own interests in favor of those who used to tout pro-gun, anti-gay social platforms and said getting big government off of the back of the people was their platform. Yeah, no big government, so how are we to stand up and fight against some multi-billion-dollar company if they've stomped on us? The old adage, "If you want to live like a republican, vote for a democrat," still holds. But Americans voted for this, and now they're going to see how smart their voting turned out. Welcome back Medieval Dark Ages 2.0.

They're just going to shut down, period. Who's the guy in charge of the EPA? Scott Pruitt, who sued the EPA 15 times as AG of OK. And who's the head of the DOE? Rick Perry from Texas who said DOE is one of the agencies he'd shut down if elected Pres, but he couldn't remember the name of the agency, "Oops", remember him? Now he, like Pruitt run the very same agencies. Think they're gone by now, huh? Why's the FTC still here? They're gonna shut it down, period.

I do NOT a cell phone and do not text. How can I go forward with the security process?

This entire incident has been handled very poorly by Equifax, and the FTC should step in and demand they do more to protect consumers in this case. I placed a credit freeze with them earlier in the year as my mail had been being taken. I just received a letter from Equifax dated Oct. 23 that my credit or debit card information used to place a credit freeze was accessed during the data breach. Really? It took them this long to send this letter regarding a breach announced on Sept. 7? Thank heavens my bank is more on top of it than Equifax. They called me a few weeks ago regarding some suspicious charges on my debit card and immediately canceled that card number. Equifax should take some lessons from them regarding timeliness and customer service.

has anyone talked to an actual person at any of these companies? everytime I try, I only get so far, and then nothing

Absolutely the worst company I have ever dealt with. Nothing on-line happens quickly. All of their waiting times are ridiculous and never accurate. Even confirmations never happen at all. Even worse, their reps are hard to understand and are rude and apparently are under the strain of high call volume. Good luck with dealing with them.

Thanks, Uncle Sam, for being part of the problem.

Why is the FTC OK with consumers being required to inquire whether their information was included in "the breach"? Equifax should be required to notify all affected consumers. For that matter, why does the FTC perpetuate the farce of allowing credit reporting agencies to collect personally identifiable consumer information yet apparently does not require those agencies to implement safeguards against cyber intrusion? If the answer to that is that it is not possible to truly safeguard the data base the next question should be why the hell is collecting and storing that information allowed? That was a rhetorical question. In spite of all the "Harrumphing" for the cameras by Senators and Congressmen it is, after all, about money. Big money.

Too little, too late, now that information I NEVER PROVIDED TO ANY CREDIT REPORTING AGENCY circulates in cyberspace to close the proverbial barn door. Yet it falls to ME to contact this agency to ascertain if my information was "stolen"?

Curious if there will be any criminal indictments of Equifax honchos that very obviously benefited from this "data breach". Probably not. Congressional dog and pony show laughingly called "hearings" on this matter is already yet a fading memory. And on we go.

How did they get the right track and control my information in the first place? Then they control when and how I can view it. And when they mess up I suffer the consequence? This needs to be changed.


Leave a Comment