You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




This is a catastrophic breach of information. The sheer magnitude of people affected and the scope of information: SSN, DOB, addresses, drivers licenses, some credit cards, and any other data that they collect. This is not a Target or yahoo breach. It is an issue of national security and NSA is also involved. Consider password resets at nuclear power plants. How do you determine the true identify of people. I froze my credit at the 4 bureaus and will unlock temporarily, if needed. This is not just another breach and "roll with it".

I would like to get the identity theft protection. My problem is I am poor living with epilepsy. I have a decent income with SSI for the rest of my life. I have great credit cards using them like a prepay card. Have not paid interest on one in 28 years. I am in the process of a refinance on my house. I am limited to what I will spend. then about a week ago I had a call. It was a scam. The man asked to speak to __ That was me I just listened to what he was saying. He asked __/___/___ is this your birthday. I stayed quite He then asked ___-__-____ is this your ssi # I said you called the wrong # and hung up. Where did he get this info from?

Identity Services Provider
The U.S. Social Security Administration uses an external data source, or what we refer to as an “Identity Services Provider,” to help us verify the identity of our online customers and to prevent fraudulent access to our customers’ sensitive personal information. Equifax is the Identity Services Provider that provides identity verification services to the Social Security Administration. For more information, please visit www. Equifax. com, (Disclaimer).

So....the SSA uses Equifax as it's designated Identity Services Provider?? Well, that's just great for all of us retirees or soon to be retirees! The thieves really did their homework well apparently! Every time you use the SSA's online services they may launch what the SSA calls a "soft inquiry" to Equifax. That's just great!

I spoke to SSA last week and they told me Experian is the one they use. This is after I could not register my wife with a web portal to SSA. SSA could not verify my wifes info therefore no registration. Key point is not who but the fact that freezing all credit bureau stops anyone registering on line with the SSA. Don't forget there are 4 bureaus including Innovis.

Clear, precise and precisely the issue and the result! The incompetence of Equifax and the FTC in this matter is mind blowing!

Mine came up as a no. I had not been breached

You are right on the money. There was something very fishy about this whole thing from the beginning. The "breach" is very similar to the Target breach and other breaches that have taken place over a period of time, yet no one seemed too alarmed by those breaches. Now, a breach of Equfax (the name, note the name) and everyone loses their mind. Could it also be an experiment to see which company names that are used in a "breach" invoke the most responae from the public. Lastly, who are the hackers? Could they not be from the very corporate USA?

If our information is floating around now, how will they recover it? I assume that information, my personal data, has been copied and sold over and over between May and now. How do we get compensated for their failure? My credit may not be affected now but who will protect me in the coming days?

Or years

With regard to a hoax re: the Equifax breach, I've considered that possibility and am unwilling to say yes or no for sure. However, when it said "maybe" for both my SS # and my mom's SS #, on a suspicion I entered my dad's SS number, as well as a different person's name with a SS number I made up, and in both cases it said "not breached." The suspicion is widespread but I'm not sure it can be proven either way. The one thing I'm sure of is that 143 million is a lot of persons, and IF that much data was compromised, a lot of people are going to get a "may" have.

Finally someone who has both common sense and knows the truth.

Let's face it. Not a single entity, no government, and no corporation can be trusted. Corruption, incompetence, and arrogance are all entrenched in the very fabric of this country. There is no such thing as privacy and it isn't a matter of who but of when you will personally pay for it, if you haven't already.

I entered my grandson's info & it's states that his information was not affected. This makes sense because he has no credit history. He's well under the age of 18.

Very informative. Thank you

Credit monitoring is a joke. I paid for a year a while back and I went on a shopping spree and ended opening up two department store cards. I never once got a notification these two lines of credit were open... I totally forgot about the credit monitoring service till my daughter asked me about it. Take your money for nothing!

HELLO? Who do you all think did the hacking? The same companies that are now going to make millions, supposedly monitoring your credit for you!!! DUHHH! It's the scammer's best scam ever and millions are going to fall for it! You'll provide information to sign up so the hackers will have even more amo to use.

WHAT IS that the FTC, the federal government, sends you right back to Equifax to check your identity breach, which, as you pointed out, is bogus. Why are we not checking our identity breach at a government website like the IRS. There is a bunch of insider crime going on both at Equifax and the government if you ask me. My bank website directed me to the FTC to check a breach and the FTC directs you to Equifax. This is very, very scary!

I have said and written this myself. It is a scam to make the rich richer the poor with less. Now what do we do. They can pay off my house,car,all loans, anything affected. then freeze all my info until I am dead. (Please do not try to kill me for this thought) Then give us each a large sum of cash. Something to pay for our time involved in fixing the problem they created. I will set up my freeze and never open another account. They are rich and have the money. So do what is right to help all. I have many more thoughts and ideas. My best one. I ask the rich to step down bring the poor up. Not in a capitalist way ant not in a communist way but in an equal way. We don't need money we need humans working together as a team. as no one human is perfect and any human can do something better than another and any human offering to do something for the benefit of society deserves the same as another.We do not need Rich and Poor. We need equal. Once again to those at the top. Please do not kill me for my thoughts

I suspect a hoax. If you put a random name in the Security 2017 Potential Impact checker, it always says you may be impacted and asks you to enroll in TrustedID. I tried with 3 different random names and got it every time.

Agreed did the same thing

When I checked my son's on his behalf he was not affected, which doesn't surprise me as he doesn't really have much if any of a credit history. I was though and don't believe it is a hoax...

I concur. I have an established credit history and I put in both my maiden and married names. I was informed I was not impacted so this is not a hoax. I still plan to monitor my accounts, but not through Equifax.

I did the same. I put a random name and random six digits.

Complete hoax. Just tried a few times, made up a name and put in "111111" into the SSN checker and got the same canned message each time.

So we may not have had our ID stolen. I'm in the same boat. I just requested my credit report from the 3 agencies to see if there is anything incorrect. If so, I'll put a freeze on my accounts & then raise hell with Equifax.

and how will you raise hell with Equifax? Please share as I will join you. But I seriously doubt the common people can effect them in any way whatsoever. To them we are like gnats. They have been brushing us and our attorneys off for years

If everyone froze their credit at Equifax it may cripple their business. Way less requests for credit checks should hurt them.

Bottom line... can't trust any aspect of Equifax's software, cyber security, services, management or standards; they appear to put profit before protecting consumer data. And, only way to impact them financially is for their direct Users (creditors, rental agencies, employers, etc) to stop using Equifax to report and inquire consumer data.

They have offices and physical people. Surely you don't think a company that helps someone steal your money won't be treated as an intruder entering you home to do the same, especially these crazy days.

Then how come mine said that I was not effected?

I was husband not. I do not believe it is hoax. I will never sign up for anything they offer

Maybe they use both answers just to make it look official. I think it is a scam to make money. It really makes me angry that I didn't have any control over their having my information in the first place.

I tried with random name/ssn. It says I am not affected

My wife just gave her details, and it says she is not impacted.

I entered mine and a few others. All of them stated, "...personal information was not impacted by this incident"

Same here... I entered my info and it told
Me "you may have been impacted" ... entered my husbands a few minutes later and it says "you have not been impacted"

I also received the response that my "personal information was not impacted by this incident." But what is amazing to me is that after inputting your name and last 6 digits of your SS number, the response comes back instantly. How can the Equifax computer check millions of records instantly to see if there is a name/SS number match? I think the Equifax response is a standard response and they really don't know whose records were stolen.

I put in both of our six digits and both came back NOT affected. I was suspecting a hoax as well because I knew others who were getting the "may" response.

I entered my last name & last six of my SS# and my computer virus protection software immediately alerted that the website was infected with malware. I was immediately disconnected from the site. Now I'm wondering if someone has hacked the "fix".

In case someone reads this- there actually was a fake Equifax Security website created by a white hat hacker. Equifax even directed people to the wrong site!
Equifax later apologized but blamed people for not checking that the website was the correct website.

Not trying to stick up for Equifax, but i don't think it's a hoax to get you to sign up. In my situation when i entered my name they said I was part of the compromised group but when i entered my wifes info it said she was not. I'm guessing they are using a decision matrix that if you enter a name and SS that matches their records they give you the actual situation of your compromise. If you enter a fake name and make up a SS and they cant find it in their records, I'm guessing those scenarios default to recommend enrollment as you may be compromised. A default message like that is likely believed to be a less risky position in case of Administrative errors in their database.

My daughter put in her info and it says she was not affected. I did mine, it says I was. So she tried her's again (it was a day after she did it), she got the message she WAS affected. Then tried it again 20 mins later and got the message she was not affected. 2 different days, same name and ss which was valid, and 2 different answers. In fact, 2 different answers on the same day! So....not so sure anyone should believe their result. She has proof...she screen capped the messages.

We put in mymoney and did six digits. said I was impacted

So Equifax makes money from our personal data, sells their stocks at full price ( more money made by them) tells us our personal info has been stolen a couple months late, and makes the ones who've been affected pay ( not even to fully secure your info ), but to monitor it. (More money made by them)....... Sketch!!

And then they have the nerve to post advice on how you can protect your identity! Unbelievable. I've BEEN trying to protect my identity. The problem isn't consumers' failing to do OUR jobs, it's the freakin' companies playing fast and loose with OUR data. And the politicians letting them get away with it, over and over.

Agrueed, this has bs written all over it. Looks like the hack may have been set up with Lifelock parameters. Used to do system config for them.

How so? Are you saying that some of the scanning or validation programs for a monitoring company were compromised?

Most upsetting is a potential security breach has occurred and now they want millions of us to GIVE them our information again, to find out if we were effected! i will wait and see if we get a letter and decide what to do.

It's a scam. Why could you put in a fake last name and numbers and it works. It is just to get you to enroll in the TRUSTID Premier at a "nominal cost" It's B.S. SCAM!!!

The site is very slow to respond right now. Probably getting hit hard.

I had the same experience.


Leave a Comment