Cyber Security Resource Center: The Equifax Breach

September 15, 2017

Get the latest information and guidance from Woodruff-Sawyer about steps you can take to protect your personal information following the Equifax breach.


If you have a credit report, you are likely one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.  As a credit reporting agency, Equifax gets information from credit card companies, banks, lenders and retailers to help determine a person’s credit score.

According to Equifax, the breach lasted from mid-May through July.  Hackers accessed people’s names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers.  They also stole credit card numbers for approximately 209,000 people and certain dispute documents with personal identifying information for approximately 182,000 US consumers. Equifax will direct mail those consumers who have had credit card numbers and dispute documents impacted.

Equifax has also identified unauthorized access for certain UK and Canadian residents. Equifax has not released details on next steps for those UK and Canadian consumers that may have been impacted.

There are important steps you should take to help protect your information from being misused (resources provided by Equifax can be found on their site, https://www.equifaxsecurity2017.com/):

  • Find out if your information was exposed: Check your potential impact by typing in your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

There have been reports that the site provides inconsistent results when checking for potential impact. Equifax has stated that this issue has been resolved. If you have received notification through the site that your data has not been compromised, we recommend re-checking this site as a precautionary measure. Even if it is not clear whether your data has been compromised, consider taking additional protective measures and keep close watch on your credit reports.

  • Credit Monitoring: Whether or not your information was exposed, Equifax will provide US consumers a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll. You may also want to consider paying for a third-party service like IDShield or LifeLock as independent monitoring companies track more than your credit file to spot suspicious activity – which is key, given it is unclear if the attackers manipulated or changed Equifax’s database. Some credit card companies may also offer identity theft and monitoring services. Review those benefits to see if they may be applicable to you. While Equifax is offering complimentary credit monitoring services for one year, the risk to your sensitive information may extend beyond that timeframe. Consider taking longer-term protective measure.

Following concerns raised by consumers that the terms of use for the site www.equifaxsecurity2017.com and the complimentary credit monitoring service may limit a consumer’s legal option as related to the cybersecurity incident, Equifax updated their frequently asked questions to clarify the following:

  • Language prohibiting consumers from taking legal action has been removed from the Terms of Use of the site.
  • Terms of Use on www.equifax.com will not apply to the complimentary credit monitoring product.
  • The arbitration clause and class action waiver will not apply to consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.
  • The prior Terms of Use for TrustedID Premier, the credit monitoring product, will not apply to consumers, irrespective of when those consumers enrolled, even if it was before the cybersecurity incident.

Here are some other steps you can take to protect yourself after a data breach:

  • Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
  • Consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name is really you.
    An initial fraud alert will protect your credit from unverified access for 90 days. For victims of identity theft, an extended fraud alert will protect your credit for seven years. Once a fraud alert is placed on one nationwide consumer reporting agency, it will be automatically placed on the other two nationwide consumer reporting agencies.
  • Consider placing a credit freeze on your files. A credit freeze, also known as a security freeze, makes it harder for someone to open a new account in your name. Lenders, and others seeking credit information, cannot access your information unless you temporarily or permanently remove the freeze. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts. The Federal Trade Commission lists more details on how to place a credit freeze here.

Note that in light of recent events there has been a flood of requests so many are experiencing difficulties such as long wait times, and there may be additional charges to implement a freeze for each nationwide consumer reporting agency. A credit freeze is free to victims of identity theft who have filed a police report.

Equifax is also providing a service known as FileLock which is an Equifax-specific credit freeze, available as part of the complimentary credit monitoring service being offered to US consumers. This service will only lock your Equifax account, not those from Experian or Transunion.

  • Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
  • File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. For more information, visit the FTC site here.

Reminder: remain wary of imposters attempting to scam additional personal and sensitive information following the breach. Equifax is not calling consumers to verify information.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.