You are here

The Equifax Data Breach: What to Do

Share this page

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, (This link takes you away from our site. is not controlled by the FTC.)

  • Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
  • Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until January 31, 2018 to enroll.
  • You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.
  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.

Visit to learn more about protecting yourself after a data breach.

Note: This post was updated on October 5, 2017 to reflect that Equifax extended the enrollment period for free credit monitoring from November 21, 2017 to January 31, 2018.




I tried for days starting in Nov., 2016 and got a busy signal. Maybe a bogus number?

Dear AH - your comment should be directed to Equifax not the Federal Trade Commission. This information was just released on Thursday by Equifax. I am Thankful for the info provided here.

Be aware that signing up for EquiFax "free" Identity monitoring waives your right to join a class action against these criminally irresponsible bums. Put a security freeze on your accounts at all bureaus. You'll have to plan ahead to lift it if you plan to apply for a loan but better than the worthless ID tracking.

the ftc allows companies like this tom exist. dont blame the barbed-wire fence if you rip your skin. blame the farmer who allowed it to exist

Agree that most criticism should be directed to Equifax. Those who endorsed Equifax's response deserve some criticism as well. The information provided by the FTC on how to freeze your credit and to get the yearly free credit reports was great. Passing on the info from Equifax was not without warning us was not good at all.

I agree. This FTC web site was very helpful to me in deciding what I need to do. I do not trust these companies at all. Another helpful site was Senator Elizabeth Warren's which directed me to her tweet to get good advice.

FTC is not responsible for reporting, the breached party is. For a breach this size, a lot of forensic work must take place to confirm what happened and who was affected. Six weeks for a breach of 143 million records is actually very good and within the law. One assumes Equifax immediately contacted FBI and FTC as soon as it happened so investigation can take place to trace it back to the bad actors. If you haven't taken precautions against breaches in the past, let's hope that you will now take the recommended precautions. Breaches are not a matter of "if" they will happen to you, they are a matter of "when."

Equifax didn't immediately contact the FBI and FTC. After the execs learned of the breach they immediately sold stock! Then maybe sometime after selling their stock they contacted the FBI and FTC. INSIDER TRADING!

Is that like insider trading????

JM. As an educator working in Special Education, I once told a student that he could walk and chew bubblegum at the same time. I mean by this that Equifax could have begun notifying us of such a breach of security and whose personal info was compramised weeks ago. Furthermore, you talk as if we are each responsible for our info held by Equifax. If any breach of our personal information is inevitable, as you state, then the burden of any liability for such breach is soly the responsibility of those who choose to gather our personal information, like Equifax. Why should I take precautions? I am secure with my personal info.... Equifax does not have to gather my info. You sound like a spinner for Equifax, a minion and spin doctor for their lack of security. I personally have never had a breach of my personal information and do not expect to get hacked.

I never gave them my personal info. Crazy thing is I got a call from scammer about a month ago, they had my credit report and unable to get through Equafax number to discuss scammer with anyone. I am really pissed off!!!

"One assumes Equifax immediately contacted FBI and FTC..." I assume nothing of the sort. If I were the assuming sort, I'd assume that Equifax covered their tails FIRST and THEN reported it.....

Let's hope the government takes the recommended precaution of shutting this worthless company down and giving any proceeds to the Electronic Frontier Foundation, which understands how to provide real cybersecurity for those who aren't so greedy that they won't pay for it.

Six weeks is too much of a time to let the hackers misuse the data and let the consumers be exposed to misuse of their information. Please be informed that the disclosure of breach must be as soon as it is identified rather than doing the forensics. I disagree to the point that if something is within the law, it is good. That may mean that the law needs to be updated...Consider GDPR that would impose 72 hours to make a disclosure...

It doesn't take a genius to see the game played here. Equifax allowed a breach and is now actively using marketing and pushing people to use their ID monitoring service. Convenient. Nothing like securing clients. The FTC should look into that if nothing else as a motive.

You sound like u work for Equifax

Actually, Equifax top leadership's immediate calls were not to the FBI or FTC but to their stockbrokers. They unloaded almost two million in stock and exercised millions more in options, a clear case of insider trading. So trust Equifax at your own risk: they are all clearly looking out for themselves.

Burn it down, salt the earth, exile their executives, and outlaw their "business" forever.

Our tax dollars at work! Cause the gov't does good things you really need!

The bad actors are equifax for being incompetent and not properly protecting our data.

Further reason to trust your representatives and capitalist corrupt corporations.

thanks guys, for the 60yrs i get to monitor identity and monetary fraud, daily. Until i die.

thanks exaifax. thanks lobbyist. thanks ftc. thanks guys for forcing us to participate in your system that has no empathy.

i hope your jets are fueled and your in-ground pools are warm. enjoy your caviar and take in the sun. on us, the people

For a company as personally influential as Equifax, this should have never happened. Period. Let's hope THEY will now take the required precautions with the precious information we must give them.

How convenient for at least 3 top executives of Equifax to have the time to unload approximately $1.8 million worth of stock while the 143 million of us were most likely having our stolen identities and bank and credit card account numbers and good credit sold on the dark web to thieves around the world, time in which we could have been setting up fraud alerts and placing security freezes on our credit. How can we not be skeptical when we hear of such audacious behavior by those in high positions of a credit collection and reporting company (1 of the big 3) which also offers security monitoring and protection for -of course a price.

Who within Equifax is being charged with a crime of failure to protect public data? You, the US Govt., essentially grant these no-name shadows the monopolistic right to control our lives at the behest of the largest international banks.

And you serve no value to the individual citizen when you pretend to tell us all about how to protect ourselves while you at the same time do the bidding of a few large companies. In truth, you are betraying the citizenry of this country.

Send an Equifax executive to jail for betrayal of public trust, then I will value your existence. Otherwise you are useless, and liars to boot.

"If you haven't taken precautions against breaches in the past, let's hope you will now..." Please help me understand why you seem to imply that we consumers are responsible for security breaches that took place at Equifax? Their resolving the problem should be the issue here, not shifting the blame to their victims!

But their execs sold $2 million of dollars in shares 3 days after they found out about the security breach. Is that solving for the customer?

I sincerely hope the SEC take those bloodsucking execs and make pariah's out of them. That's a whole new level of selfish-nepotism. If I was a family member of one of them, I'd disavow my relationship and wish them a safe journey down to hell. Sold that stock, sold their souls.

I was thinking the same thing.

They had to give the CEO and others time to sell off shares while they were still worth something

What responsibility does Equifax assume other than remedial help for a limited amount of time......What if my credit is compromised due to the lackadaisical attitude that Equifax has taken so far toward this horrendous discovery? Do they pay the up to $1,000,000 to repair my credit?

It is my understanding that several executives at Equifax sold stock in their company just prior to the release of this news. If this is the case, people will be going to jail.

I'll believe it when I see it.

it is not so simple to determine what data has been compromised and the must be balanced against the possibility of misinforming the public. you have the notice and now you have been educated on your options. keep calm and carry on

Our information has been used and I have been going thru H _ _ _ dealing with it all and even had to send all the information to them thru the mail because you can't talk to a real person. They knew this was going on and didn't take time to even read what was sent to them.

Not only did they wait 3-months to tell us, but they are making us wait an extra week to sign up for the free TrustedID Premier. Why do I have to wait another week? The people who stole this could do a lot of damage in a week. Why do you have to wait until an "enrollment date?"

And after the top guys sold their stock shares

The biggest reason they didn't release info sooner is because the big wigs, in the past 40 days, sold off millions of dollars in stocks before any info was released! It was their greed that made them keep their mouths shut and our lives in turmoil!

Ah but when did Equifax tell the FTC?

I read that investigators may recommend they not make the information public immediately because it can interfere with them catching the culprits. Not sure this is the case here since some Equifax higher ups sold off stock right away. That bit seems sketchy.

Where is the "Potential Impact" tab?

"Potential Impact" is where you can enter your information and confirm if you were actually impacted. It has been confirmed as a valid entry and no risk.

At the end of the 2nd paragraph they give you this web site: You will see the "Potential Impact" tab on that page!

I know!! Where is it??

Scroll down all the way to the bottom of the page.

IMN-S-HO, not a good place to have put it; "tabs" are usually expected to be at or near the top of a page...

It's on the referenced equifax page:

Took me a while to figure it out too.

click on the link in the article to: - the tab is on that screen.

Thats what I'm wondering

Top left 3 bars and it opens a menu

I meant top right

Could not find the "Potential Impact" tab.

Just assume you were breached. Anyone has a better than 50% chance. I've read in other media article you waive your right to sue and agree to arbitration.


Leave a Comment