You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




I say get rid of Credit agencies and do something creative like, have people contact your creditors directly for a reference. And like so many, I wouldn't doubt if Equifax hacked themselves just so they can charge you for monitoring services. So, so, so, very tired of the abuses these businesses get away with.

I think that's a great idea!

Equifax basically controls our lives with the information it provides and if I had my way, they wouldn't exhist. They don't provide me any service except to make my life a living hell. You can't get negative info off and everything else is only providing the fuel for banks and other companies to make a million off your missfortune. They should be fined and I wouldn't put it past them to find out they sold the information.

Seriously! As consumers, we are at the mercy of the credit bureaus, even though it is OUR information that's being used!! They are very pro-business, with little regard for the person whose life they are affecting.


I totally agree..they should not even exist.So what do we do to get rid of them? I'm sure they are politically connected. Enough is enough!!!

This is exactly what I was thinking. I am not going to sign up with their TrustedID. I will check with the Federal Trade Commission and follow their steps. B:)

They should all go to prison!!! ...and then throw away the keys. It's what we all risk might happen to you or I once we neglect to make payments on any fraudulent accounts that get opened in our names, or from any IRS threat notices for fraudulent tax returns filed in our names.

I TOTALLY AGREE with you! Something fishy with this company. I think they should be thoroughly investigated. They removed negative items just for them to reappear again then push their monitoring program. Plus over seas call centers. Check them out FTC!!!

100% agree.

Equifax, Transunion and Experian service businesses, not consumers. FTC won't fine them cause businesses are not inconvenienced.

When the banks have to pay out money because of fraudulent access to bank accounts and credit cards then something will be done about these credit bureaus.

Totattly agree! I have an issue now! For over 9 months!

I just tried to obtain my credit report at and entered all my personal information and then as it was transmitting it to move to the next step and generate a report, I got a site unavailable error. I am now VERY WORRIED that someone just hacked my info as it was heading to their site. I submitted a contact request to be called back to discuss this issue.

The same thing happened to me.

I got the same... I think the site is probably gettting slammed at the moment.

Same thing happened to me and I retried 10 minutes later and it worked. I suspect that the site is very busy right now.

may be due to so much site traffic.

Because of the data breach millions of people have been trying to access the site, and it's simply not capable of that much traffic. That's why there was an error.

I got the same thing. I think the 3 credit report companies' IT systems are not set up for the deluge of requests that are probably coming their way right now. Who needs Putin when you have Equifax, eh?

Do not be very worried. What you are desceibing is a man in the middle hack. They will not tol for just your data. They do it for hundred or thousands. It is a bussiness. Site unavailable errors would be due tonoverloadong the server with more requests than it can handle... Try later when server is less busu and you will succeed

Karen, you are right to be cautious, and you should be very careful to make sure you are using the secure site. However, keep in mind that millions of people are checking their credit reports right now, so the most likely explanation for the "site unavailable" error is the spike in volume that site is getting.

I found on the equifax site that they are not providing online credit reports and you need to send a request via mail? very frustrating

Most likely the servers are just overwhelmed. The govt did just tell everyone to go to this site. Try again at "off hours", freeze your credit and monitor your existing lines if credit. Good luck!

Same thing happened when I tried to get my report....scary.

It's likely you received that message due to the high volume of people also requesting reports at this time due to the Equifax breach.

Same. I'm thinking the site servers have crashed. Would be good to know that prior to giving up all your information

Karen, I can understand your concern. I would not be worried about what you described. The site is encrypted, so the chances are pretty small that was the case. Most likely they've had A LOT of people accessing their site and it got overloaded. Hopefully that eases your mind. Best of luck to you.

Is the site operated by the same one that established Obamacare? Performance of the site is exactly the same.....non existent.

that isnt how it works... the site was unavailable likely because a whole bunch of people were doing the same thing you were and it was overloaded.

No one hacked you, the page simply timed out.

I requested reports from all 3, reviewed my Experian and Transunion reports but when it came to move to the 3rd, Equifax, it erred out and said the site was unavailable. Unlikely that you were hacked when you initiated it from a legitimate site. I then tried a 2nd time to request only the Equifax report and it said I couldn't do so online and gave me a form to request it by mail instead ... so maybe in 6 mos. I'll get something. Hello 1980. We're back.

Same this with me. I am intitiating Freezes at all agencies.

Even if you freeze it, think about they will charge you $19.99 or a few. So either way Al three bureau will be making money out of us! They need to contact us and freeze everyone account/data.

You have a lot of nerve telling us 2-3 months after the fact.
You must think we are really dumb!!

I totally agree. It's almost like credit score companies want hackers to do their dirty deeds before anyone is told.

The FTC didn't do anything wrong here. Equifax did. The FTC is trying to help people figure out how to protect themselves since companies don't care one bit about keeping sensitive information safe.

The FTC is letting equifax get away with this, so they share the blame

If you think the FTC isn't gearing up to sue Equifax into the stone age, you don't know much about the FTC. These sorts of things take time to develop, and they just disclosed three days ago.

The FTC DID do something majorly complicit in my mind. They are helping Equifax to strip affected victims of legal recourse by 1) telling consumers to sign up with Equifax for free credit monitoring, and 2) not telling consumers that they will be agreeing to give up their right to sue Equifax.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

OK... FTC did nothing wrong??

First off... Equifax didn't protect our valuable information.

Now... they and this Lawyer for the FTC... are telling people to log back into the company that was just got breached and give them their last names and 6 numbers of their Social Security Number. (Not the last 4 of your SSN... but now 2/3rd's of your whole SSN!!!)

Why in the "H E double hockey sticks" would anyone go back to this place that just compromised your info to CONFIRM your existing info on their system.

This sounds like the hackers came up with this plan, just to confirm the ID's that they stole!!!!

On top of that... it was reported on local news last night, that those people that sign up for this, agree to giving up some of their rights in a Class Action Lawsuit against Equifax...if there is one.

Now thanks!!! Like someone else said earlier... Laywer Up.. (Althought I hate Laywers)

Equifax should pay dearly for their lack of protection of the information that they have.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Right to the point! I don't have to post any longer.

Yeah, by telling us to enroll in Equifax's program, you lose you right to sue them. That's not helping, sounds more like collusion.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I agree that the FTC is trying to help, but they did something wrong. By posting the Equifax joke of a website, the FTC most certainly did do something wrong and they should correct it.

That's incorrect. FTC under FCRA has oversight to ensure compliance in the privacy of information held by the credit reporting agencies (CRA). FTC has not done enough to ensure these companies are keeping our data private--that is, encrypted. The FTC is just as behind as the rest of the US government on cyber security.

Some companies care, but only if it means doling out the information for free. Most consumers readily don't care one bit about keeping their sensitive information safe, since that's the cyber world we live in.

I want to know why Equifax has my information anyway? I never opted in or gave them permission to access my information. To me that is troubling. Why is it that hundreds of thousands of people don't even know they are Equifax "customers"? They need to be in trouble for cutting corners and not protecting us. Their unknowing customers.

Add to this when you call the number its busy!


Leave a Comment