The Equifax Data Breach: What to Do

Share This Page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.

 

 

Comments

Is the site operated by the same one that established Obamacare? Performance of the site is exactly the same.....non existent.

that isnt how it works... the site was unavailable likely because a whole bunch of people were doing the same thing you were and it was overloaded.

No one hacked you, the page simply timed out.

I requested reports from all 3, reviewed my Experian and Transunion reports but when it came to move to the 3rd, Equifax, it erred out and said the site was unavailable. Unlikely that you were hacked when you initiated it from a legitimate site. I then tried a 2nd time to request only the Equifax report and it said I couldn't do so online and gave me a form to request it by mail instead ... so maybe in 6 mos. I'll get something. Hello 1980. We're back.

Same this with me. I am intitiating Freezes at all agencies.

Even if you freeze it, think about they will charge you $19.99 or a few. So either way Al three bureau will be making money out of us! They need to contact us and freeze everyone account/data.

You have a lot of nerve telling us 2-3 months after the fact.
You must think we are really dumb!!

I totally agree. It's almost like credit score companies want hackers to do their dirty deeds before anyone is told.

The FTC didn't do anything wrong here. Equifax did. The FTC is trying to help people figure out how to protect themselves since companies don't care one bit about keeping sensitive information safe.

The FTC is letting equifax get away with this, so they share the blame

If you think the FTC isn't gearing up to sue Equifax into the stone age, you don't know much about the FTC. These sorts of things take time to develop, and they just disclosed three days ago.

The FTC DID do something majorly complicit in my mind. They are helping Equifax to strip affected victims of legal recourse by 1) telling consumers to sign up with Equifax for free credit monitoring, and 2) not telling consumers that they will be agreeing to give up their right to sue Equifax.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

OK... FTC did nothing wrong??

First off... Equifax didn't protect our valuable information.

Now... they and this Lawyer for the FTC... are telling people to log back into the company that was just got breached and give them their last names and 6 numbers of their Social Security Number. (Not the last 4 of your SSN... but now 2/3rd's of your whole SSN!!!)

Why in the "H E double hockey sticks" would anyone go back to this place that just compromised your info to CONFIRM your existing info on their system.

This sounds like the hackers came up with this plan, just to confirm the ID's that they stole!!!!

On top of that... it was reported on local news last night, that those people that sign up for this, agree to giving up some of their rights in a Class Action Lawsuit against Equifax...if there is one.

Now thanks!!! Like someone else said earlier... Laywer Up.. (Althought I hate Laywers)

Equifax should pay dearly for their lack of protection of the information that they have.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

Right to the point! I don't have to post any longer.

Yeah, by telling us to enroll in Equifax's program, you lose you right to sue them. That's not helping, sounds more like collusion.

Thank you for your comment. Equifax’s “FAQs for Consumers” includes the question, “Do the TrustedID Terms of Use limit my options related to the cyber security incident?” and this response:

“The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

I agree that the FTC is trying to help, but they did something wrong. By posting the Equifax joke of a website, the FTC most certainly did do something wrong and they should correct it.

That's incorrect. FTC under FCRA has oversight to ensure compliance in the privacy of information held by the credit reporting agencies (CRA). FTC has not done enough to ensure these companies are keeping our data private--that is, encrypted. The FTC is just as behind as the rest of the US government on cyber security.

Some companies care, but only if it means doling out the information for free. Most consumers readily don't care one bit about keeping their sensitive information safe, since that's the cyber world we live in.

I want to know why Equifax has my information anyway? I never opted in or gave them permission to access my information. To me that is troubling. Why is it that hundreds of thousands of people don't even know they are Equifax "customers"? They need to be in trouble for cutting corners and not protecting us. Their unknowing customers.

Add to this when you call the number its busy!

I tried for days starting in Nov., 2016 and got a busy signal. Maybe a bogus number?

Dear AH - your comment should be directed to Equifax not the Federal Trade Commission. This information was just released on Thursday by Equifax. I am Thankful for the info provided here.

HR
Be aware that signing up for EquiFax "free" Identity monitoring waives your right to join a class action against these criminally irresponsible bums. Put a security freeze on your accounts at all bureaus. You'll have to plan ahead to lift it if you plan to apply for a loan but better than the worthless ID tracking.

the ftc allows companies like this tom exist. dont blame the barbed-wire fence if you rip your skin. blame the farmer who allowed it to exist

Agree that most criticism should be directed to Equifax. Those who endorsed Equifax's response deserve some criticism as well. The information provided by the FTC on how to freeze your credit and to get the yearly free credit reports was great. Passing on the info from Equifax was not without warning us was not good at all.

I agree. This FTC web site was very helpful to me in deciding what I need to do. I do not trust these companies at all. Another helpful site was Senator Elizabeth Warren's which directed me to her tweet to get good advice.

FTC is not responsible for reporting, the breached party is. For a breach this size, a lot of forensic work must take place to confirm what happened and who was affected. Six weeks for a breach of 143 million records is actually very good and within the law. One assumes Equifax immediately contacted FBI and FTC as soon as it happened so investigation can take place to trace it back to the bad actors. If you haven't taken precautions against breaches in the past, let's hope that you will now take the recommended precautions. Breaches are not a matter of "if" they will happen to you, they are a matter of "when."

Equifax didn't immediately contact the FBI and FTC. After the execs learned of the breach they immediately sold stock! Then maybe sometime after selling their stock they contacted the FBI and FTC. INSIDER TRADING!

Is that like insider trading????

JM. As an educator working in Special Education, I once told a student that he could walk and chew bubblegum at the same time. I mean by this that Equifax could have begun notifying us of such a breach of security and whose personal info was compramised weeks ago. Furthermore, you talk as if we are each responsible for our info held by Equifax. If any breach of our personal information is inevitable, as you state, then the burden of any liability for such breach is soly the responsibility of those who choose to gather our personal information, like Equifax. Why should I take precautions? I am secure with my personal info.... Equifax does not have to gather my info. You sound like a spinner for Equifax, a minion and spin doctor for their lack of security. I personally have never had a breach of my personal information and do not expect to get hacked.

I never gave them my personal info. Crazy thing is I got a call from scammer about a month ago, they had my credit report and unable to get through Equafax number to discuss scammer with anyone. I am really pissed off!!!

"One assumes Equifax immediately contacted FBI and FTC..." I assume nothing of the sort. If I were the assuming sort, I'd assume that Equifax covered their tails FIRST and THEN reported it.....

Let's hope the government takes the recommended precaution of shutting this worthless company down and giving any proceeds to the Electronic Frontier Foundation, which understands how to provide real cybersecurity for those who aren't so greedy that they won't pay for it.

Six weeks is too much of a time to let the hackers misuse the data and let the consumers be exposed to misuse of their information. Please be informed that the disclosure of breach must be as soon as it is identified rather than doing the forensics. I disagree to the point that if something is within the law, it is good. That may mean that the law needs to be updated...Consider GDPR that would impose 72 hours to make a disclosure...

It doesn't take a genius to see the game played here. Equifax allowed a breach and is now actively using marketing and pushing people to use their ID monitoring service. Convenient. Nothing like securing clients. The FTC should look into that if nothing else as a motive.

You sound like u work for Equifax

Actually, Equifax top leadership's immediate calls were not to the FBI or FTC but to their stockbrokers. They unloaded almost two million in stock and exercised millions more in options, a clear case of insider trading. So trust Equifax at your own risk: they are all clearly looking out for themselves.

Burn it down, salt the earth, exile their executives, and outlaw their "business" forever.

Our tax dollars at work! Cause the gov't does good things you really need!

The bad actors are equifax for being incompetent and not properly protecting our data.

Further reason to trust your representatives and capitalist corrupt corporations.

thanks guys, for the 60yrs i get to monitor identity and monetary fraud, daily. Until i die.

thanks exaifax. thanks lobbyist. thanks ftc. thanks guys for forcing us to participate in your system that has no empathy.

i hope your jets are fueled and your in-ground pools are warm. enjoy your caviar and take in the sun. on us, the people

For a company as personally influential as Equifax, this should have never happened. Period. Let's hope THEY will now take the required precautions with the precious information we must give them.

How convenient for at least 3 top executives of Equifax to have the time to unload approximately $1.8 million worth of stock while the 143 million of us were most likely having our stolen identities and bank and credit card account numbers and good credit sold on the dark web to thieves around the world, time in which we could have been setting up fraud alerts and placing security freezes on our credit. How can we not be skeptical when we hear of such audacious behavior by those in high positions of a credit collection and reporting company (1 of the big 3) which also offers security monitoring and protection for -of course a price.

Who within Equifax is being charged with a crime of failure to protect public data? You, the US Govt., essentially grant these no-name shadows the monopolistic right to control our lives at the behest of the largest international banks.

And you serve no value to the individual citizen when you pretend to tell us all about how to protect ourselves while you at the same time do the bidding of a few large companies. In truth, you are betraying the citizenry of this country.

Send an Equifax executive to jail for betrayal of public trust, then I will value your existence. Otherwise you are useless, and liars to boot.

"If you haven't taken precautions against breaches in the past, let's hope you will now..." Please help me understand why you seem to imply that we consumers are responsible for security breaches that took place at Equifax? Their resolving the problem should be the issue here, not shifting the blame to their victims!

But their execs sold $2 million of dollars in shares 3 days after they found out about the security breach. Is that solving for the customer?

I sincerely hope the SEC take those bloodsucking execs and make pariah's out of them. That's a whole new level of selfish-nepotism. If I was a family member of one of them, I'd disavow my relationship and wish them a safe journey down to hell. Sold that stock, sold their souls.

I was thinking the same thing.

They had to give the CEO and others time to sell off shares while they were still worth something

Pages

Leave a Comment

Comment Policy