LIVE NOW: Senate impeachment trial of President Trump

Equifax Data Breach: What You Need to Know

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NEW YORK — A huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.

Check HERE to see if your information is affected by the Equifax breach.

Unlike other data breaches, those affected by the breach may not even know they’re customers of the company.

Equifax is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders — sometimes without you knowing.

Related: The biggest data breaches ever

The data breach is among the worst ever because of the amount of people affected and the sensitive type of information exposed.

How many people were affected?

The company says as many as 143 million people in the United States were hit. Others in the U.K. and Canada were also impacted, but Equifax hasn’t said how many. Credit card numbers for about 209,000 U.S. customers were compromised, in addition to “personal identifying information” on about 182,000 U.S. customers.

Who was impacted?

Equifax said it will send notices in the mail to people whose credit card numbers or dispute records were breached. The company said it found no evidence that consumers in other countries were affected beyond the U.S., U.K. and Canada.

What information was accessed?

The hackers accessed personal information such as names, Social Security numbers, birth dates, addresses, credit card numbers and the numbers of some driver’s licenses.

When did this happen?

Equifax said the breach happened between mid-May and July. It discovered the hack on July 29. It informed the public on September 7.

How did this happen?

Equifax said criminals “exploited a U.S. website application vulnerability to gain access to certain files.” A company spokesperson did not immediately respond to a request for further comment.

Who was behind the breach?

The company hasn’t clarified but noted an investigation is ongoing.

Am I at risk, and what is Equifax doing to help?

Equifax is proposing that customers sign up for credit file monitoring and identity theft protection. It is giving free service for one year through its TrustedID Premier business, regardless of whether you’ve been impacted by the hack.

To enroll and/or check whether you were affected, visit and click on the Check Potential Impact tab. You’ll need to provide your last name and the last six digits of your social security number. Once submitted, you will receive a message indicating whether you’ve been affected.

Then, you have the option to enroll in the program, but you can’t actually sign up for the service until next week. Each customer is provided an enrollment date starting earliest on Monday.

Can I sue Equifax?

You may limit some of your rights to sue if you sign up for Equifax’s offer of free identity theft protection and credit file monitoring. You must notify Equifax within 30 days of signing up that you do not agree with its demand to submit disputes to arbitration. But there are attorneys who argue that even if you don’t opt out that way, the arbitration provision does not cover suits related to this breach.

It seems like cybersecurity hacks are happening a lot. Is this the biggest ever?

The Equifax breach is one of the largest breaches ever. Some other high-profile examples include two breaches at Yahoo — the bigger one involved 1 billion accounts, the lesser impacted 500 million — and a hack at Myspace that involved 360 million accounts.


  • Pink Squirrel Avenger

    Soooooo…..essentially, Equifax wants us to give them more hackable information to see if our information has been hacked? No thanks. I’m good.

  • Are you kidding!?!

    The terms of use for the credit-monitoring service, which is called TrustedID Premier, also appears to require consumers sign away their right to sue Equifax. By waiving away their legal rights, consumers instead agree to mandatory arbitration, a tactic that has come under fire by consumer rights advocates as “rip-off clauses” because they bar consumers from banning together to sue in a class action.

Comments are closed.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.