From Our Blog

The Equifax Breach may affect many consumers whoc can protect themselves by enrolling in credit freezes or set up fraud alerts.

The Equifax Breach: What it means for you

On Sept. 7, Equifax announced that for just over two months this summer criminals had infiltrated its systems and gained access to the consumer information of millions.

In the aftermath of the breach, consumers who sought understanding on the Equifax website only came away with more troubled questions. Lack of information, a scammy-looking website redirect and questions about what to do next, among others, all weighed on consumers’ minds.

Here are answers to your some of your most pressing questions about the breach:

How do I find out if I was affected?

According to Equifax, information for about 143 million U.S. consumers, in addition to some Canadian and U.K. consumers, was compromised. The credit bureau set up a website to help people determine whether they were one of the many:

However, according to Brian Krebs, a journalist reporting on cybersecurity through his highly respected Krebs on Security blog, the website is unreliable. It asks for a last name and the last six digits of the consumer’s Social Security number. Upon entering the requested information, consumers are told whether or not they were included in the breach. But some report getting contradictory information for the same name and digits entered at different times.

Further, identity theft experts caution consumers against entering even portions of their Social Security numbers into online forms, USA Today reported.

“If you’ve got the final six, it’s not hard to get the first three – and then the genie’s out of the bottle,” Travis Mills, president of LibertyID, an identity theft restoration company, pointed out to USA Today.

Krebs suggested to just assume you are one of the many affected.

Will finding out if I was affected waive my rights to participating in a class-action lawsuit against Equifax?

Upon checking to see if their information was accessed in the hack, consumers were first given a terms of service agreement that they had to consent to before moving forward. The agreement seemed to say that, if you were checking to see if you were affected, you were also waiving your rights to file or take part in a class-action lawsuit against Equifax.

After consumers voiced their concerns online, New York State Attorney General Eric Schneiderman tweeted that the language was “unacceptable and unenforceable,” USA Today reported.

Equifax clarified that the clause doesn’t apply to the security breach, but rather to the bureau’s free credit file monitoring and identity theft protection products.

What should I do if I was affected?

Consumers have the ability to place a credit freeze on their accounts or set up fraud alerts.  

Krebs advised consumers to freeze their credit. By doing this, you’ll prevent anyone – hackers, creditors, landlords, etc. – from being able to access your credit file. Before deciding to place a credit freeze, consider your personal situation.

If you think you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps such as contacting you by phone before opening a new account.

You can also sign up for free credit monitoring. This won’t prevent thieves from stealing your information, but it makes sure you know your information is in the wrong hands sooner, which will help you act quicker. Equifax offers the service, which you can sign up for when you access However, Krebs noted that hundreds of companies offer the service.

Freezing your credit may make it more difficult to sign up for credit monitoring. It may be helpful to get credit monitoring first, then freeze your credit.

You should also take advantage of the free annual credit report offered by each of the bureaus. Request yours by going to Review it to make sure all information is correct.

What should I do if I wasn’t affected?

Even consumers who weren’t affected would still benefit from signing up for credit monitoring, establishing a fraud alert or freezing their credit, and periodically ordering and reviewing their credit report.

If you were one of the lucky consumers who wasn’t affected by this hack, don’t assume you’ll be spared in future cybercrime. CNBC pointed out that all consumers are at risk of something like this happening sooner or later.

How do I freeze my credit?

First, you’ll need to reach out to the three major credit bureaus – TransUnion, Equifax, and Experian – and let them know  you’d like to freeze your credit. Applying to freeze your credit can usually be done online and may cost a small fee (depending on which state you live in). According to Equifax, security freeze fees for non-victims are:

  • $5 in Minnesota.
  • $10 in Iowa.
  • $10 in South Dakota.

In all three states, the freeze is free if you can show that you are a victim of identity theft. It’s important to note that these fees will be issued for each of the credit bureaus.

Once your credit is frozen, you’ll get a four-digit PIN to use when you need to “thaw” it. Keep this in a secure location.

While a security freeze will keep your credit information under lock and key so criminals can’t reach your information, it can also cause some hold-ups should you ever want to apply for a new credit card or loan. When the time comes for you to apply for a new form of credit, you’ll need to request a credit thaw which could take 24 hours or longer.

Equifax: Call 800.349.9960 or visit its website.

Experian: Call 888.397.3742 or visit its website.

TransUnion: Call 888.909.8872 or visit its website.

Where can I get more information about the Equifax breach?

Download this Frequently Asked Questions (.pdf, 1.26 MB) sheet for information shared by the American Bankers Association.