What You Should Know About the Equifax Data Breach

Hey there, all you homeowners, home renters, home renovators, DIY crafters, home seekers a.k.a. travelers, and tchotchke shoppers out there. You know what you all have in common? Unless you paid cash for your home and pay cash for all your project doodads, you’re probably shopping with a credit card, have a mortgage, or had some kind of credit report run on you before.

That means we all have one more thing in common, and it’s not a fun one.


Equifax Inc. is a consumer credit reporting agency, and along with Experian and TransUnion, is one of the three largest American credit agencies. They earn their living by monitoring, collecting, and analyzing data on over 800 million consumers and 88 million businesses around the world. That means they’ve collected a hell of a lot of data.

Data that, unfortunately, has been compromised. Between May and July of this year, hackers made off with names, social security numbers, birth dates, other personal identification information, and even credit card numbers. You may have seen reports that over 143 million American consumers were potentially impacted by this breach.

Impacted? What does that mean? And what do we do about it?

Well, let’s break that down a little bit. Because we’re worried about our own credit security and have been doing some serious research, we’ve collected a pretty good library of resources and information on the Equifax issue.

What This Means

So, hackers may have gotten your personal information. What does that mean?

They can do a number of different things with it, like selling social security numbers and driver’s license numbers, and other key bits of personal identification to people who will use that information to make fake IDs and open fake credit lines in your name.

This isn’t anything new. We’ve seen hacks at Target, Home Depot, the U.S. Office of Personnel Management, and other huge data breaches resulting in a lot of lost personal information. What makes the Equifax breach any different from these? Should we all treat our credentials as “in the open” the moment we use credit somewhere?

Well…I would say yes to that last part. That’s one of the reasons it doesn’t trouble me to have a public blog and public social media pages. That stuff is already out there! Think of all the passwords and password savers and browsers and “remember me” options you clicked out there. About all the things that are public record. Your stuff is out there. But what about the previous question? Should we worry about this more than other breaches?

The fact that Equifax waited six weeks to disclose the breach and take measures to help consumers correct it is a massive issue. They still haven’t explained the delay, but that’s a hell of a lot of time to let hackers play in your databases. And let’s not even talk about the executives and the shares they sold.

But the worst? Equifax’s solution is signing people up for it’s own TrustedID protection service, without notifying you that if you enroll, you give up your right to sue Equifax or filing or joining a class action suit against them. Not great, if this doesn’t turn out well for Equifax.

What Do We Do?

There are a lot of different routes you can go. I assume the worst in these cases and I’m assuming that my data is out there. If you want to check whether your data might have been impacted by the breach, you can visit Equifax’s security information website at www.equifaxsecurity2017.com. Click here, and it’ll open in a new window.

There are steps there to verify whether or not your personal information was exposed as part of the breach. Note: You will be asked to enter sensitive data, so make sure you are on a secure computer with an encrypted network. You decide whether you want to trust them with your information, or whether you want to use their TrustedID protection.

Still, Equifax is not your only option. Here are some other things you can consider.

Credit Freeze. credit freeze lets you restrict access to your credit report, making it more difficult for people to use your information to open new accounts. If lenders can’t see your file, they will likely not offer you credit. It doesn’t affect your credit score or prevent you from seeing your credit score, but it also does not prevent anyone from making changes to accounts you already have, or taking advantage of prescreened offers.

Opt Out. Speaking of those pre-screened offers, you have the option to opt out. All you have to do is call 888-5OPTOUT {888-567-8688} or visit OptOutPrescreen.com. No more pre-screened offers for anywhere from a year to 5 years, or in some cases, permanently. What do you lose in this case? The protection of not being turned down from an offer except for very limited reasons, sometimes more favorable terms, and a chance to cost compare. But if you’re not in the market for credit offers, loans, mortgages, or anything else at the moment, consider a temporary opt out.

Watch Your Accounts. We monitor our accounts, our investment accounts, and our credit cards almost daily, and we have an almost live update of our credit report through our bank. Why? Because that makes it a whole lot harder for someone to run up a bunch of charges on your card or open an account in your name without you noticing. We have built this vigilance into our daily routine thanks to a couple stolen credit card number incidents, and it has just become routine. Watch your accounts, and if there are any charges you don’t recognize, call your bank immediately.

Watch Your Credit Report. Scott and I are lucky in that we’ve already purchased our house, purchased a car, and are not looking to apply for any new lines of credit anytime in the near future. So we know if a credit report shows a new line of credit somewhere, it’s not us. Any activity on your credit report or accounts being added are likely indicators of identity theft. Watch out for those.

Fraud Alert. If you decide not to do a credit freeze, consider a fraud alert. A fraud alert just places a warning on your file that you may have been a victim of identity theft, and that they need to take steps to verify that the person asking for credit is really you.

More Resources

Here are some other sources of information on the Equifax breach and finding assistance:

So there you go. Hopefully the folks on the Hill nearby us figure out how to impose some penalties on the old source code and bad practices companies like Equifax use when it comes to your personal data, but in the meantime, we can all take actions to make sure our home ownership and home improvement budgets go unhindered!

Disclosure: We have our credit reports and identity protection through USAA, and we’re likely to stay there. Full disclosure, that includes Equifax but also Experian and TransUnion. We are also big fans of LifeLock identity protection.

Anything we missed? Please let us know!



You Might Also Like

  • Thank you for sharing this! I think I’ve been a part of just about every major data breach that’s happened in the last few years – Target, OPM, Blue Cross/Blue Shield, and now this one. Mostly I just try to keep track of my credit report and the monitoring I get through my back, but still, I’m always afraid I’ll miss something and someone will be doing terrible things in my name. This was a huge help in understanding all of it, so thank you, so much, for sharing!

    • Thank you Terra! I’m so glad it was helpful! It’s shocking just how many agencies trusted with our personal information have let it hang out in the breeze. I think we always just have to assume it’s out there, and do what you’re doing – monitoring diligently. Getting your credit report regularly is, I think, the most important part. It’s less about monitoring your credit score and more about making sure that everything contributing to that score is actually your doing! I find that’s the best way to catch any nefarious activity.

      In full disclosure, we are going with the Fraud Alert option. I don’t think we need a full freeze, but we want to make it harder for anyone to open credit lines in our names. To do that, all you have to do is call the credit reporting company and tell them you may have been an identity theft victim. The alert is good for 90 days, after which they will ask you to renew. The good news is that you only have to call one of the three companies, and they’ll do the reporting for you.

      You can find all the details on how to do a Fraud Alert here if you’re interested: https://www.consumer.ftc.gov/articles/0275-place-fraud-alert