Equifax data breach: Find out if you’re affected and get protected

Equifax today announced a “cybersecurity incident”.  In other words, they were hacked, and about 143 million US consumers are potentially affected.

Equifax says that the information accessed “primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”

UPDATE: Before proceeding with the Equifax solution shown below, please read this post: Is the Equifax cure worse than the hack? Here’s what I plan to do…

Ouch.  Luckily Equifax has made it easy to find out if you were affected.  Simply go to this website and fill out the text boxes:

Equifax data breach

Neither my wife nor I were affected (assuming this site is working properly!)

Protect yourself, for free

After checking your status, you can begin enrollment in TrustedID Premier, for free, by pressing the orange button labelled “Enroll”.  Note that enrollment is not instant.  I was told that I could complete enrollment on or after September 15th:

Equifax describes TrustedID Premier, as follows:

The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.

More details about this stuff can be found here: equifaxsecurity2017.com

About Greg The Frequent Miler

Greg is the owner, founder, and primary author of the Frequent Miler. He earns millions of points and miles each year, mostly without flying, and dedicates this blog to teaching others how to do the same.

More articles by Greg The Frequent Miler »

Pingbacks

  1. […] Equifax today announced a “cybersecurity incident”. In other words, they were hacked, and about 143 million US consumers are potentially affected. Equifax says that the information accessed “primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.” Ouch. Luckily Equifax has made it easy to find out if you were affected. Simply go to this website and fill out the text boxes:LEARN MORE! […]

Comments

      • I’d edit your post, Greg. After doing this, I wouldn’t recommend to ANYONE to go through this web site and be signed up for a program I didn’t opt in to, and I got no information about whether I was affected or not.

        • You are not signing up for anything on this site, just checking if you’re affected.

          You can choose to sign up (or not) after the date they tell you.

        • No he’s right. You’re not sigining up for anything. Just because they give you a date to sign up doesn’t mean you have to do it.

          That said, fuck them for making the language unclear.

      • I did the initial enrollment and Equifax it didn’t appear I was affected. On the day to complete enrollment, I was told it also didn’t appear that I was affected, but when I clicked ENROLL anyway, same message but it didn’t load until the SECOND CLICK, then it told me it appeared I WAS AFFECTED. These guys suck. I was told three times I wasn’t affected until I finally got “enrolled”, HOWEVER to complete the registration I have to wait for their email (which Equifax suggested may be in my spam where they are hoping I will forget about it). When I do find my email, apparently it won’t arrive for several days, I need to complete the enrollment process.

    • From the FAQ:

      Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier. You will receive an enrollment date. You should return to this site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.

  1. Same here. I’m assuming I was affected, since I too got a message with a date when I have to return to the site to enroll. But they really should have started the message with a line saying, something like, “We are sorry to inform you that you may have been affected by the cyberintrusion.”. This really sucks & there’s not much information out there…

  2. I got this message “Based on the information provided, we believe that your personal information may have been impacted by this incident.” I clicked Enroll and it took me to sign up. Not ready to jump on it yet.

  3. The only good thing about having had my ID stolen 2+ years ago is that I don’t have to worry about this incident. Or any incident.

    My info is out there and always will be. Have a 7-year Fraud Alert at all the credit bureaus, which makes it difficult to apply for new CCs but does provide excellent financial protection.

  4. 143m is >40% of the entire US population. I think it is fairly safe to assume if you don’t see the “you’re not affected” message you are.

  5. Crap. I did mine and got no confirmation either way. Just a sign-up date. Then I did a completely fake one and it said I wasn’t impacted. So for everyone with no definitive confirmation like me… we’re probably screwed.

  6. Among the heaps of things that suck about this are the fact that they waited months before mentioning this to the poor suckers who are ultimately being affected by this (i.e. is), and that, having announced the one year timeline, any criminal just has to wait one year and a day for this minimal effort to expire. Since this is their fault, and they’re the ones entrusted with the data to begin with, this service should be free for life for anyone who had their data taken through their carelessness. I’m one of the many so affected, and pissed about it doesn’t even begin to cover how I feel.

    • I agree! PLUS, why do these bureaus even exist?? They only serve the banks, not the consumers. Consumers must jump through hoops and red tape just to make sure their scores are high enough just to have the “privilege” of getting one of the banks credit cards and go into more debt. OH JOY! (sarcasm).
      The biggest scam ever. These bureaus should be abolished. They’ll give out your info to anyone that requests it. Who needs hackers, when you have these guys just giving out your info like candy?!

  7. Three strikes as far as I’m concerned, They’re trying to get out cheap.

    1) You shouldn’t have to guess if you were affected.
    2) There shouldn’t be a delay to enroll.
    3) They should remind you if you don’t enroll.

  8. Massive fail for them, first the breach and then this ambiguous way of finding out, or not, if you’re affected. Then, telling you to sign up for credit monitoring service, but you have to remember to come back to a link in 5 days. Who thinks up this stuff???

  9. I got the same vague notice to check back next week so I called the toll free number they gave out for questions. I had to ask 3 times whether merely getting the notice to check back next week meant I was/was not affected. Finally, after reading the press release to me, the rep admitted he did not know. I asked to speak to a supervisor and was told someone would call me in 3 business days if I left my name and number.

  10. Have to say Greg, I expected at least some complaint in your post–this really really shouldn’t have happened. The breach was through a web security flaw. Okay, those happen. But the data in question shouldn’t have been on the same network as the web server. Basic security practice. Ridiculous that these chumps are given access to such stuff.

  11. If you sign up for any services from Equifax, including TrustID, you agree to their terms which state you waive the right to participate in a class action or class arbitration against them. Very convenient.

  12. “Based on the information provided, we believe that your personal information may have been impacted by this incident.

    Click the button below to continue your enrollment in TrustedID Premier.”

    Great. What’s my next step? Sign up for LifeLock?

  13. I was told that I am affected when I input my info, so evidently if you see nothing you probably are not. However, the language is VERY confusing. Also, if I have to give up class action status to get the monitoring, it’s not worth it. This one is inexcusable. So is hiding the info and so is three top execs at Equifax selling massive amounts of stock after the breach was found, but before it was announced.

    • Isn’t that illegal? Didn’t they go after Martha Stewart back in 2004 for the same thing. Isn’t that called ‘insider trading’? Why aren’t there charges being brought against those executives? Did they pay off some officials with that windfall of $$ they received?

  14. This is terrible. What proactive steps do I take? change everyone of my passwords? No info given on what info of mine maybe at risk? Is it my address, my social, my banking info….

    This is an absolute joke.

    I’ll take what’s left of my financial worth and short their stock……

  15. Not sure if I am being too calm about this but there is a new hack every week. Yes this one involves SSN and DL# etc but hey there are 143m Americans impacted. There is nothing you can do unless you want to try to change your SSN and DL. Sign up for the credit monitoring, use it, and stay alert.

    • Plus, I think that the SS number was initially never meant to be an ‘identifiying number’ to be used for identity purposes. They should be using random 9 digit numbers that can be changed every year (like what they now have on driver’s licenses).

  16. I too went to their page to see if I was affected and got no info, just the link to sign up for monitoring. So I went back to check the source code on the page that should have said one way or the other and code for both affected and not affected was there, just that neither one was triggered. I’m going to check back later to see if I get a different result.

  17. Equifax is doing a terrible job of handling this. My check showed I was affected. Enrolled in the protection plan and cannot sign up until next week. Why the delay? The info is out there NOW. Guess the bad actors get a week to work on the data before we get any protection. To add insult to injury, now I have had to pay Equifax $10 to put a freeze on my credit. But the really insulting part of this is the report that 3 senior Equifax execs sold their stock ($1.8 mil worth) before issuing the report on the hack. All around bad!

  18. I did not get the confusing “Thank You” message. However I did have 2 fraudulent charges in France on 9/7. Also a friend in Mexico had fraudulent charges in Mexico the same day. Coincidence?

  19. Oh fun. My Social and birthday were used 3 or 4 years ago, but no cc info. I was told that my info could be dormant for years and then resurface to be used again, Since it was my ss# I’ve been paying for monitoring (not w Equifax but w Experian) and so far so good. I was considering dropping it at the end of the year but guess I won’t for now.

  20. I also went to the link to check if I was affected, it told me I was not, but my husband was! Now they want us to wait until next week?
    The three credit agencies charge a fee for placing a freeze, it depends of the state, if you are not a victim of identity theft.
    But I have the same question, why do we need to pay? if our information was compromised, we are victims or not?

  21. I went to the equifux site and it said I “may” have been compromised. So i did the initial sign up, and they sent an email for the ‘full’ sign up. when I clicked on the email to sign up, it said:
    “Our records indicate that you have already enrolled and activated the TrustedID Premier product. Attempting to enroll again is not necessary.”

    HUH? I do NOT remember ever signing up previously to trusted premier, so what’s going on? Unless it was when the store “Target” got hit and they offer free monitoring, which I think I might have signed up for? Very odd.

Leave a Reply

Your email address will not be published. Required fields are marked *