Publications | September 8, 2017

Equifax Hack Affects 143 Million Consumers. How Should You Respond?

Yesterday, Equifax, one of three major credit reporting companies, reported that its systems had been hacked and personal information concerning 143 million people had been obtained by the hackers. According to Equifax, “The information accessed primarily includes names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”

Equifax has set up a website that you can visit to determine whether your information has been compromised. The website is:

When you visit this site, it will ask for your last name and the last six digits of your social security number. It will also ask you to verify that you are not a robot. Once you provide the information, it will tell you either that you were not affected or that you were potentially affected. If your data was compromised, you will be given the option to enroll in Equifax’s TrustedID Premier service (more about that later). When you click on enroll, you will be given a date after which you must return to an Equifax website to complete the enrollment process. You will see a screen that looks like this:

It is important that you write this information down, because Equifax will not provide you any reminders of the date. You have from the date provided until November 21, 2017, to complete the enrollment process.

Equifax is providing this free one-year credit protection service from TrustedID Premier to those impacted by the hack. To enroll in the program, follow the steps on Equifax’s website:

TrustedID Premier is a product Equifax sells for $27.99 per month, but it is offering individuals affected by the breach one year of free service. TrustedID Premier provides:

  • A copy of your Equifax credit report;
  • Credit file monitoring at the three major credit reporting agencies (Equifax, Experian and TransUnion), with alerts to changes in that data;
  • The ability for you to "lock" and "unlock" your file with Equifax, so that Equifax will not provide it to any creditor or other company without your permission;
  • Identity theft insurance of $1 million; and
  • Internet monitoring of sites where your social security number appears (such as “dark web” sites where stolen personal information is sold).

If you have been affected by the breach, you should consider signing up for TrustedID Premier. But, before you do so, you should review the terms and conditions of the offer. Several commentators on the Internet have noted that the terms and conditions of the Equifax website and of the TrustedID Premier service require you to waive the right to participate in a class action against Equifax or Trusted ID, Inc. Whether this waiver is effective to prohibit your participation in a class action related to the data breach is unclear. You need to weigh that possibility when deciding whether to proceed with Equifax’s offer. Some may decide they do not want to agree to the provisions; others may decide that it is more important to get the protections offered now rather than wait to receive a potential award in a class action settlement years down the road. If you proceed with the offer, you would not be waiving your claim, only your right to participate in a class action. [September 12, 2017 Update: Responding to criticism, Equifax removed the arbitration agreement and class action waiver from the Terms of Use for the TrustedID website. Equifax also clarified that the terms of use for the Equifax website will not apply to its Trusted ID product. Equifax modified the FAQs concerning the data breach to include this statement: “to be as clear as possible, we will not apply any arbitration clause or class action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself.”]

Even if you sign up for TrustedID Premier, it may not be sufficient to protect your identity. Here are some additional steps you should consider taking:

  1. Obtain and review your credit report three times a year. You are entitled to receive a free copy of your credit report once a year from each of the three national credit reporting agencies. The credit reports are usually pretty similar, although not exact. I recommend that people contact one of the three agencies every four months to get an updated credit report. The credit report also lists companies who have requested a copy of your credit report. When you get your credit report, check it carefully to make sure the information, including your social security number, is accurate. If there are inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain, you should follow up with the credit reporting company. They have a duty to investigate and to report their findings back to you.

To order your free annual report from one or all the national consumer reporting companies, visit You should not contact the three nationwide consumer reporting companies individually; they provide free annual credit reports only through There are other services out there that tout free credit reports, but they are usually trying to sell you something else. Use this site.

While Equifax is offering its CreditLock security freeze for free as part of its TrustedID Premier service, that does not freeze your credit report at the other two national credit reporting agencies. You have to deal with both of them individually. You have to request and manage a security freeze with each of the three consumer reporting agencies. Here are links to the details of how TransUnion and Equifax manage their freeze programs:

There are two types of fraud alerts. An Initial Fraud Alert is good for 90 days, so you have to renew it or it will lapse. Persons who have been the victim of identity theft can have an Extended Fraud Alert placed on their report. It is good for 7 years. To obtain an Extended Fraud Alert, you have to have reported the identity theft to either a police agency or the Federal Trade Commission.

You can request a fraud alert from any of the three nationwide credit reporting agencies. I do not recommend any one over the other. The three companies are required to share alerts, so you only have to contact one. The three companies are:

The Equifax data breach is particularly severe because it included people’s social security numbers. The protection that Equifax is offering is not total protection. As noted, Equifax’s CreditLock only locks your credit report from creditors who use the Equifax service. A thief with your social security number will still be able to use it with creditors who get their credit reports from Experian or TransUnion, unless you request a credit freeze from them as well. In addition, some creditors extend credit without requesting a credit report from the three national credit reporting agencies. In that case, a fraud alert or credit freeze will not do you any good.

Moreover, Equifax is offering TrustedID Premier for free for just one year. But identity thieves often wait that time period out before attempting to use the information, so you may want to continue the credit freezes with each of the credit reporting agencies after the initial coverage expires.

Finally, identity thieves can use your information in ways other than seeking credit that would require a credit report. Each tax season, for example, identity thieves file thousands of bogus tax returns using stolen social security numbers to steal tax refunds. 

So it is important to be vigilant.  

This message is not legal advice and does not create an attorney-client relationship between the author and any recipients. If you have specific questions regarding your own personal circumstances, you should seek the advice of counsel.