You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




Help how do I look if my social was taken I can't find the place the link doesn't take me there

You can go to to see if your personal information might have been exposed when hackers breached Equifax files.

If your information was exposed in the breach, go to to learn about protecting yourself.

Useless information. Equifax failed to protect consumers and their "free TrustedId" monitoring comes with no way to opt out of marketing for that year. No thank you. Time to call a laywer. Unfortunate that the FTC is not doing their job and fining Equifax for their failure to inform consumers of the breech that happened in May-July until September. Where is my notice of a breech? Certainly they have my address they are a credit bureau. The FTC needs to step up or shut down.

until you have a loss calling a lawyer will not go well and if a lawyer does act they are probably someone you should be avoiding. it generally takes some time to determine what information has been compromised and a this is a pretty quick turnaround. as for getting a notification - um you did clearly. 143 million people were affected which is half of the us population. no one would expect each person to get a letter. duh -

they send letters all the time and this would have been the best time to get the information out! I for one would think that with all the money they pulled out of stocks could have been used for stamps.DUH-

Of course we have a right to expect that each person would get a letter! They've made a ton of money off of use for years, and they should have done something about this breach when it first happened. I don't care if it costs $70 million to reach us, it needs to be done. Fines? Most definitely! They should be put out of business with the fines they will have to pay. This is beyond inexcusable.

There are already AT LEAST 2 class action lawsuits going. And yes, I expect to get a letter...I don't care if they have to mail out 143 MILLION. Their screw up, so they need to find a way.

The US government sent a letter to every taxpayer in 2001 to tell them that the checks they promised them would be arriving late, and then they later sent checks to every taxpayer. So yea, it is entirely feasible to send a letter to 143 million people.

Do you even understand the concept's of "emotional distress" and "punitive damages".

I am praying there is a class action suit!!!

How about praying that you don't get your identity lost instead. What is wrong with people?

Agree!! I'd for sure rather not have my identity stolen than to have it stolen and be able to join the class action suit!!!

DP, you mean STOLEN, right? I think the FTC should put Equifax out of business, and the insiders who stole their stock before advising us of this fiasco should be on trial for what was clearly insider trading.

Here's what will happen with a class action suit--the lawyers will get awarded millions of dollars for "expenses," while we consumers will get...a $5 voucher towards buying Equifax's credit monitoring service!

I've been involved in class action law suits before, and the only ones who make any money is the law firms. I remember on one suit my final check was $1.34. If there is any justice we who are impacted should each get thousands, but that money will go to the lawyers.

Class action law suit?! You get your $20 and the lawyers get their $200,000,000!

I agree with you.For over 5 months they knew they had a credit breach.

And, when you sign up for the free credit monitoring, you have to check a effectively indemnifying equifax? No thank you. Would rather be a party to the class action suit against them.

And it's also peculiar timing that executives at this company sold off shares of their stock before this story broke.

Surprized that this web site doesnt address the class action law suit. Why in the world would one sign up for the free credit monitoring???? You indeed waive your right! I will sue!

Not only that, you waive your rights to participate in any class action lawsuit

No, you don't waive your right to participate in a lawsuit. Government made them remove that. The lawsuit has to be about the security breach, but not about the 1 year of credit monitoring.

Hey...FTC is on our side.

Well said, Pickles. I agree.

I couldn't agree more! Your spot on!

If you went to the website and entered your name and those 6 digits of your social security number, yo've given up your opportunity to be part of the class action suit against Exquifax. It's in the terms and conditions that no one ever reads. By hitting "submit" you have agreed to everything in Equifax'S terms and conditions.

They debunked this in a thread above. And check the FAQ on Equifax's website. It now states under / frequently-asked-questions / "To confirm, enrolling in the free credit file monitoring and identity theft protection products that we are offering as part of this cybersecurity incident does not prohibit consumers from taking legal action. We have already removed that language from the Terms of Use on the site The Terms of Use on www. do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. Again, to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself."

That's not true. There are no "terms and conditions" to agree to on that page. You would have to actually agree to terms and conditions for that to happen. Thanks for playing

Care to copy and paste the terms stating that?

There are no 'terms & conditions' on the initial part where you simply enter your last name and the six last SSN digits - it is on the next part where you enter your name and ALL of your SSN. And that page does not have secured emblem on it.

I agree-should have protected our data. But I don't mind getting some marketing mail if it means they r protecting my credit. Equifax told me letters r going out to consumers now explaining how they have been impacted and what to do. They've had the forensic guys in doing their thing to determine what exactly was taken.

No company should get away with these kinds of breaches of privacy. Shut Equifax down. Congress apparently values special interest money over privacy, as their recent and unpopular overturning of internet privacy regulations demonstrates. FTC needs to step up. Challenge the other branches of government. Prevent companies from housing personal data for more than a reasonable time, from requiring consumers provide personal data irrelevant to services offered, and from concealing what information is being collected or hiding it in small print. And companies that can't protect personal information they house ought to be shut down, broken up into smaller companies, or severely penalized. This trend will continue otherwise. FTC, be aggressive for privacy. I want to see Congress suing you for pushing the envelope. We're counting on you.

Completely agree! Where is my notice of a breach? Certainly they have my address.

The FTC is so consumed in their Trump Derangement Syndrome that they can't stop long enough to do their jobs, as if they ever did. Still waiting on my breech letter too.

Can you say class action lawsuit?

Only problem with class action is the only people to get money is the lawyers

Not only that! If you sign up for it you give up the rights to participate in any lawsuit even if your info was stolen and scammers later impersonate you. DO NOT SIGN UP FOR THAT. There are many ways you could monitor your credit yourself on a weekly/monthly/yearly basis.

Yes its time for incompetence to come with a price and a class action lawsuit would be in order.

Perhaps we may use this breach to our advantage. Let 143,000,000+ Americans change their Social Security Number!

Agree that the FTC needs to step. The response by Equifax to offer only one-year of credit monitoring is a joke. The government needs to step in and hold Equifax accountable.

True dat!

So have you confirmed that your info was one of the ones stolen? If so, how?

They lost our information forever but they are only going to provide monitoring for a year for free? Sounds like a way to drum up business. Not fair to the other credit agencies that didn't lose our data!



How can the guardian of credit history do so little when they have exposed 1/2 the population with a high risk of credit fraud. They should do more.

Equifax should be offering everyone lifetime monitoring for free and free credit freeze for life.

That was my question, why are we just learning about
this goodness it's September!!!!!

I agree. Putting your name and social into a site that already has acknowledged a breach is a load of crap. They already have that info and more so why aren't they simply sending me a notice whether I was part of the breach?!! Don't opt out of any lawsuits!!! Of all the places that should have top of the line security and they are getting breached!!! Didn't they learn anything from all the other highly publicized breaches?!!!! I am outraged!

I am equally (more) concerned about my license number. If someone creates a fake license with your number and gets ticketed and that goes unpaid (which obviously it would) you will have warrants out for your arrest. You will not know either. There isn't much out there in regards with how to protect yourself with that issue.

Yes. Equifax should send U.S. Postal mail to each of us informing how we may have been affected including I.D. soc sec numbers

I agree, Equifax if putting a really stupid bandaid on a GSW to the American public. The FTC needs to do much more here. The CO's souls go to jail for insider trading when they sold their stocks before even. Otifying the public that there was a breach in their weak security affecting 1/2 of this country! They should pay to actually fix the problem now matter what it costs them! New SSN's for all Americans with truly identifying information and legitimate papers. Then Equifax should go out of business forever!


Leave a Comment