The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

Equifax, Transunion and Experian service businesses, not consumers. FTC won't fine them cause businesses are not inconvenienced.

When the banks have to pay out money because of fraudulent access to bank accounts and credit cards then something will be done about these credit bureaus.

Totattly agree! I have an issue now! For over 9 months!

I just tried to obtain my credit report at annualcreditreport.com and entered all my personal information and then as it was transmitting it to move to the next step and generate a report, I got a site unavailable error. I am now VERY WORRIED that someone just hacked my info as it was heading to their site. I submitted a contact request to be called back to discuss this issue.

The same thing happened to me.

I got the same... I think the site is probably gettting slammed at the moment.

Same thing happened to me and I retried 10 minutes later and it worked. I suspect that the site is very busy right now.

may be due to so much site traffic.

Because of the data breach millions of people have been trying to access the site, and it's simply not capable of that much traffic. That's why there was an error.

I got the same thing. I think the 3 credit report companies' IT systems are not set up for the deluge of requests that are probably coming their way right now. Who needs Putin when you have Equifax, eh?

Do not be very worried. What you are desceibing is a man in the middle hack. They will not tol for just your data. They do it for hundred or thousands. It is a bussiness. Site unavailable errors would be due tonoverloadong the server with more requests than it can handle... Try later when server is less busu and you will succeed

Karen, you are right to be cautious, and you should be very careful to make sure you are using the secure https://www.annualcreditreport.com site. However, keep in mind that millions of people are checking their credit reports right now, so the most likely explanation for the "site unavailable" error is the spike in volume that site is getting.

I found on the equifax site that they are not providing online credit reports and you need to send a request via mail? very frustrating

Most likely the servers are just overwhelmed. The govt did just tell everyone to go to this site. Try again at "off hours", freeze your credit and monitor your existing lines if credit. Good luck!

Same thing happened when I tried to get my report....scary.

It's likely you received that message due to the high volume of people also requesting reports at this time due to the Equifax breach.

Same. I'm thinking the site servers have crashed. Would be good to know that prior to giving up all your information

Karen, I can understand your concern. I would not be worried about what you described. The site is encrypted, so the chances are pretty small that was the case. Most likely they've had A LOT of people accessing their site and it got overloaded. Hopefully that eases your mind. Best of luck to you.

Is the site operated by the same one that established Obamacare? Performance of the site is exactly the same.....non existent.

that isnt how it works... the site was unavailable likely because a whole bunch of people were doing the same thing you were and it was overloaded.

No one hacked you, the page simply timed out.

I requested reports from all 3, reviewed my Experian and Transunion reports but when it came to move to the 3rd, Equifax, it erred out and said the site was unavailable. Unlikely that you were hacked when you initiated it from a legitimate site. I then tried a 2nd time to request only the Equifax report and it said I couldn't do so online and gave me a form to request it by mail instead ... so maybe in 6 mos. I'll get something. Hello 1980. We're back.

Same this with me. I am intitiating Freezes at all agencies.

Even if you freeze it, think about they will charge you $19.99 or a few. So either way Al three bureau will be making money out of us! They need to contact us and freeze everyone account/data.

You have a lot of nerve telling us 2-3 months after the fact.
You must think we are really dumb!!

I totally agree. It's almost like credit score companies want hackers to do their dirty deeds before anyone is told.

The FTC didn't do anything wrong here. Equifax did. The FTC is trying to help people figure out how to protect themselves since companies don't care one bit about keeping sensitive information safe.

The FTC is letting equifax get away with this, so they share the blame

If you think the FTC isn't gearing up to sue Equifax into the stone age, you don't know much about the FTC. These sorts of things take time to develop, and they just disclosed three days ago.

The FTC DID do something majorly complicit in my mind. They are helping Equifax to strip affected victims of legal recourse by 1) telling consumers to sign up with Equifax for free credit monitoring, and 2) not telling consumers that they will be agreeing to give up their right to sue Equifax.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

OK... FTC did nothing wrong??

First off... Equifax didn't protect our valuable information.

Now... they and this Lawyer for the FTC... are telling people to log back into the company that was just got breached and give them their last names and 6 numbers of their Social Security Number. (Not the last 4 of your SSN... but now 2/3rd's of your whole SSN!!!)

Why in the "H E double hockey sticks" would anyone go back to this place that just compromised your info to CONFIRM your existing info on their system.

This sounds like the hackers came up with this plan, just to confirm the ID's that they stole!!!!

On top of that... it was reported on local news last night, that those people that sign up for this, agree to giving up some of their rights in a Class Action Lawsuit against Equifax...if there is one.

Now thanks!!! Like someone else said earlier... Laywer Up.. (Althought I hate Laywers)

Equifax should pay dearly for their lack of protection of the information that they have.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Right to the point! I don't have to post any longer.

Yeah, by telling us to enroll in Equifax's program, you lose you right to sue them. That's not helping, sounds more like collusion.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I agree that the FTC is trying to help, but they did something wrong. By posting the Equifax joke of a website, the FTC most certainly did do something wrong and they should correct it.

That's incorrect. FTC under FCRA has oversight to ensure compliance in the privacy of information held by the credit reporting agencies (CRA). FTC has not done enough to ensure these companies are keeping our data private--that is, encrypted. The FTC is just as behind as the rest of the US government on cyber security.

Some companies care, but only if it means doling out the information for free. Most consumers readily don't care one bit about keeping their sensitive information safe, since that's the cyber world we live in.

I want to know why Equifax has my information anyway? I never opted in or gave them permission to access my information. To me that is troubling. Why is it that hundreds of thousands of people don't even know they are Equifax "customers"? They need to be in trouble for cutting corners and not protecting us. Their unknowing customers.

Add to this when you call the number its busy!

I tried for days starting in Nov., 2016 and got a busy signal. Maybe a bogus number?

Dear AH - your comment should be directed to Equifax not the Federal Trade Commission. This information was just released on Thursday by Equifax. I am Thankful for the info provided here.

HR
Be aware that signing up for EquiFax "free" Identity monitoring waives your right to join a class action against these criminally irresponsible bums. Put a security freeze on your accounts at all bureaus. You'll have to plan ahead to lift it if you plan to apply for a loan but better than the worthless ID tracking.

the ftc allows companies like this tom exist. dont blame the barbed-wire fence if you rip your skin. blame the farmer who allowed it to exist

Agree that most criticism should be directed to Equifax. Those who endorsed Equifax's response deserve some criticism as well. The information provided by the FTC on how to freeze your credit and to get the yearly free credit reports was great. Passing on the info from Equifax was not without warning us was not good at all.

I agree. This FTC web site was very helpful to me in deciding what I need to do. I do not trust these companies at all. Another helpful site was Senator Elizabeth Warren's which directed me to her tweet to get good advice.

FTC is not responsible for reporting, the breached party is. For a breach this size, a lot of forensic work must take place to confirm what happened and who was affected. Six weeks for a breach of 143 million records is actually very good and within the law. One assumes Equifax immediately contacted FBI and FTC as soon as it happened so investigation can take place to trace it back to the bad actors. If you haven't taken precautions against breaches in the past, let's hope that you will now take the recommended precautions. Breaches are not a matter of "if" they will happen to you, they are a matter of "when."

Equifax didn't immediately contact the FBI and FTC. After the execs learned of the breach they immediately sold stock! Then maybe sometime after selling their stock they contacted the FBI and FTC. INSIDER TRADING!

Is that like insider trading????

JM. As an educator working in Special Education, I once told a student that he could walk and chew bubblegum at the same time. I mean by this that Equifax could have begun notifying us of such a breach of security and whose personal info was compramised weeks ago. Furthermore, you talk as if we are each responsible for our info held by Equifax. If any breach of our personal information is inevitable, as you state, then the burden of any liability for such breach is soly the responsibility of those who choose to gather our personal information, like Equifax. Why should I take precautions? I am secure with my personal info.... Equifax does not have to gather my info. You sound like a spinner for Equifax, a minion and spin doctor for their lack of security. I personally have never had a breach of my personal information and do not expect to get hacked.

Pages

Leave a Comment

Comment Policy