Equifax today announced a “cybersecurity incident”. In other words, they were hacked, and about 143 million US consumers are potentially affected.
Equifax says that the information accessed “primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
| UPDATE: Before proceeding with the Equifax solution shown below, please read this post: Is the Equifax cure worse than the hack? Here’s what I plan to do… |
Ouch. Luckily Equifax has made it easy to find out if you were affected. Simply go to this website and fill out the text boxes:
Neither my wife nor I were affected (assuming this site is working properly!)
Protect yourself, for free
After checking your status, you can begin enrollment in TrustedID Premier, for free, by pressing the orange button labelled “Enroll”. Note that enrollment is not instant. I was told that I could complete enrollment on or after September 15th:
Equifax describes TrustedID Premier, as follows:
The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.
More details about this stuff can be found here: equifaxsecurity2017.com
Want to learn more about miles and points? Subscribe to email updates or check out our podcast on your favorite podcast platform.
I went to the equifux site and it said I “may” have been compromised. So i did the initial sign up, and they sent an email for the ‘full’ sign up. when I clicked on the email to sign up, it said:
“Our records indicate that you have already enrolled and activated the TrustedID Premier product. Attempting to enroll again is not necessary.”
HUH? I do NOT remember ever signing up previously to trusted premier, so what’s going on? Unless it was when the store “Target” got hit and they offer free monitoring, which I think I might have signed up for? Very odd.
[…] Find out if you were affected by Equifax’s data breach […]
I also went to the link to check if I was affected, it told me I was not, but my husband was! Now they want us to wait until next week?
The three credit agencies charge a fee for placing a freeze, it depends of the state, if you are not a victim of identity theft.
But I have the same question, why do we need to pay? if our information was compromised, we are victims or not?
They’re pushing people to sign up for the site because in doing so they waive their right to be a part of a class action suit. Pretty terrible.
http://www.marketwatch.com/story/why-some-equifax-customers-have-unwittingly-waived-their-rights-to-a-class-action-lawsuit-2017-09-08
Oh fun. My Social and birthday were used 3 or 4 years ago, but no cc info. I was told that my info could be dormant for years and then resurface to be used again, Since it was my ss# I’ve been paying for monitoring (not w Equifax but w Experian) and so far so good. I was considering dropping it at the end of the year but guess I won’t for now.
[…] I published Equifax’s suggested solution. When you browse to the Equifax website, you’ll see a notice stating: “Equifax […]
Watch out for arbitration clauses if you accept their service. I’m sure they’ll be in there.
I did not get the confusing “Thank You” message. However I did have 2 fraudulent charges in France on 9/7. Also a friend in Mexico had fraudulent charges in Mexico the same day. Coincidence?
correction:
Friend in Mexico had fraudulent charges in France
Thanks all. I’m working on a follow-up post. Please stay tuned…
Equifax is doing a terrible job of handling this. My check showed I was affected. Enrolled in the protection plan and cannot sign up until next week. Why the delay? The info is out there NOW. Guess the bad actors get a week to work on the data before we get any protection. To add insult to injury, now I have had to pay Equifax $10 to put a freeze on my credit. But the really insulting part of this is the report that 3 senior Equifax execs sold their stock ($1.8 mil worth) before issuing the report on the hack. All around bad!
I too went to their page to see if I was affected and got no info, just the link to sign up for monitoring. So I went back to check the source code on the page that should have said one way or the other and code for both affected and not affected was there, just that neither one was triggered. I’m going to check back later to see if I get a different result.
Not sure if I am being too calm about this but there is a new hack every week. Yes this one involves SSN and DL# etc but hey there are 143m Americans impacted. There is nothing you can do unless you want to try to change your SSN and DL. Sign up for the credit monitoring, use it, and stay alert.
Plus, I think that the SS number was initially never meant to be an ‘identifiying number’ to be used for identity purposes. They should be using random 9 digit numbers that can be changed every year (like what they now have on driver’s licenses).
[…] Equifax today announced a “cybersecurity incident”. In other words, they were hacked, and about 143 million US consumers are potentially affected. Equifax says that the information accessed “primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.” Ouch. Luckily Equifax has made it easy to find out if you were affected. Simply go to this website and fill out the text boxes:LEARN MORE! […]
This is terrible. What proactive steps do I take? change everyone of my passwords? No info given on what info of mine maybe at risk? Is it my address, my social, my banking info….
This is an absolute joke.
I’ll take what’s left of my financial worth and short their stock……
I was told that I am affected when I input my info, so evidently if you see nothing you probably are not. However, the language is VERY confusing. Also, if I have to give up class action status to get the monitoring, it’s not worth it. This one is inexcusable. So is hiding the info and so is three top execs at Equifax selling massive amounts of stock after the breach was found, but before it was announced.
Isn’t that illegal? Didn’t they go after Martha Stewart back in 2004 for the same thing. Isn’t that called ‘insider trading’? Why aren’t there charges being brought against those executives? Did they pay off some officials with that windfall of $$ they received?
“Based on the information provided, we believe that your personal information may have been impacted by this incident.
Click the button below to continue your enrollment in TrustedID Premier.”
Great. What’s my next step? Sign up for LifeLock?
If you sign up for any services from Equifax, including TrustID, you agree to their terms which state you waive the right to participate in a class action or class arbitration against them. Very convenient.
Em thanks for mentioning this. I will not be signing up for this if that is true.
Have to say Greg, I expected at least some complaint in your post–this really really shouldn’t have happened. The breach was through a web security flaw. Okay, those happen. But the data in question shouldn’t have been on the same network as the web server. Basic security practice. Ridiculous that these chumps are given access to such stuff.
I got the same vague notice to check back next week so I called the toll free number they gave out for questions. I had to ask 3 times whether merely getting the notice to check back next week meant I was/was not affected. Finally, after reading the press release to me, the rep admitted he did not know. I asked to speak to a supervisor and was told someone would call me in 3 business days if I left my name and number.
Massive fail for them, first the breach and then this ambiguous way of finding out, or not, if you’re affected. Then, telling you to sign up for credit monitoring service, but you have to remember to come back to a link in 5 days. Who thinks up this stuff???
Three strikes as far as I’m concerned, They’re trying to get out cheap.
1) You shouldn’t have to guess if you were affected.
2) There shouldn’t be a delay to enroll.
3) They should remind you if you don’t enroll.
Among the heaps of things that suck about this are the fact that they waited months before mentioning this to the poor suckers who are ultimately being affected by this (i.e. is), and that, having announced the one year timeline, any criminal just has to wait one year and a day for this minimal effort to expire. Since this is their fault, and they’re the ones entrusted with the data to begin with, this service should be free for life for anyone who had their data taken through their carelessness. I’m one of the many so affected, and pissed about it doesn’t even begin to cover how I feel.
I agree! PLUS, why do these bureaus even exist?? They only serve the banks, not the consumers. Consumers must jump through hoops and red tape just to make sure their scores are high enough just to have the “privilege” of getting one of the banks credit cards and go into more debt. OH JOY! (sarcasm).
The biggest scam ever. These bureaus should be abolished. They’ll give out your info to anyone that requests it. Who needs hackers, when you have these guys just giving out your info like candy?!
Crap. I did mine and got no confirmation either way. Just a sign-up date. Then I did a completely fake one and it said I wasn’t impacted. So for everyone with no definitive confirmation like me… we’re probably screwed.
143m is >40% of the entire US population. I think it is fairly safe to assume if you don’t see the “you’re not affected” message you are.
Based on how poorly this company is handling things, I think it’s fairly safe to assume that no matter what message you see, you’re affected.
Plus what is the percentage of the US population who are children? I agree I think most of us are affected.
This whole thing looks incredibly scetchy at a minimum you should provide links to the source of these urls.
It is linked from the equifax homepage so it seems ligit but using random urls anyone could create is bad:
https://www.equifax.com/personal/
The only good thing about having had my ID stolen 2+ years ago is that I don’t have to worry about this incident. Or any incident.
My info is out there and always will be. Have a 7-year Fraud Alert at all the credit bureaus, which makes it difficult to apply for new CCs but does provide excellent financial protection.
I got this message “Based on the information provided, we believe that your personal information may have been impacted by this incident.” I clicked Enroll and it took me to sign up. Not ready to jump on it yet.
I also got the automatic enrollment. Definitely believe that means I’m affected. Such BS.
Same here. I’m assuming I was affected, since I too got a message with a date when I have to return to the site to enroll. But they really should have started the message with a line saying, something like, “We are sorry to inform you that you may have been affected by the cyberintrusion.”. This really sucks & there’s not much information out there…
Also, you weren’t given the choice whether to sign up for this program or not, which is a major flaw. Equifax is blowing it.
You can complain to Congress about the existence of credit reporting agencies..
Some great comments on Twitter about it. Screw this up worse, Equifax, really.
I went to the web site and it simply told me about my TrustedID date. Nothing about the breach. Does that mean I was affected? So unclear. FU, Equifax.
same just my date and no mention if I was or wasn’t effected.
+1 FU Equifax lol
Maybe it does mean you were affected. I don’t know. Yikes.
I’d edit your post, Greg. After doing this, I wouldn’t recommend to ANYONE to go through this web site and be signed up for a program I didn’t opt in to, and I got no information about whether I was affected or not.
You are not signing up for anything on this site, just checking if you’re affected.
You can choose to sign up (or not) after the date they tell you.
@Lrdx Incorrect. Maybe that was your experience, but not the same for many of us.
No he’s right. You’re not sigining up for anything. Just because they give you a date to sign up doesn’t mean you have to do it.
That said, fuck them for making the language unclear.
I did the initial enrollment and Equifax it didn’t appear I was affected. On the day to complete enrollment, I was told it also didn’t appear that I was affected, but when I clicked ENROLL anyway, same message but it didn’t load until the SECOND CLICK, then it told me it appeared I WAS AFFECTED. These guys suck. I was told three times I wasn’t affected until I finally got “enrolled”, HOWEVER to complete the registration I have to wait for their email (which Equifax suggested may be in my spam where they are hoping I will forget about it). When I do find my email, apparently it won’t arrive for several days, I need to complete the enrollment process.
Same here. Not happy about this.
From the FAQ:
Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier. You will receive an enrollment date. You should return to this site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.