About the Massive Equifax Data Breach and What to Do About it

As almost every knows, in Equifax suffered a massive data breach that affected about half of the United States population and nearly three-quarters of consumers with credit reports.  To make matters worse, the stolen information included sensitive personal data useful for identity theft: Social Security numbers, dates of birth, and in some cases, driver’s license numbers. The thieves also got credit card information on 200,000 consumers.

Consumer advocates are calling on Equifax to pay fees for security freezes for consumers.  A security freeze is the most effective measure against “new account” identity theft, because it stops thieves from using the consumer’s stolen information. Equifax is offering one year of its credit monitoring and identity theft prevention product in response to the security breach, which it states includes “the ability to lock and unlock Equifax credit reports.” That is a first step, as the ability to lock Equifax reports is better than credit monitoring alone. Credit monitoring only informs consumers after the fact when there has been an attempt to open a fraudulent new account using the consumer’s personal information. However, consumers need the ability to “lock down” or freeze their credit reports at all three major credit bureaus, and for more than one year, because the stolen information could still be used to fraudulently apply for credit using a report from Experian or TransUnion as well.

The National Consumer Law Center (NCLC) experts recommend that consumers affected by the breach should not wait to see if Equifax will pay for freezes at the other two credit bureaus; they should get freezes immediately if they are worried about identity theft. If consumers do not want to get a freeze, there is also the option of putting a 90-day “initial fraud alert” in their credit report that tells businesses they should verify your identity before they issue credit. The initial fraud alert must be renewed every 90 days.

The NCLC also warns the data breach could lead to tax identity theft, where crooks file phony tax returns in the consumers’ name. The Internal Revenue Service had previously made available Identify Theft PINs for consumers in Florida, Georgia, and the District of Columbia, and consumers in those states should consider getting the pin (which they should do before getting a freeze). The IRS should make Identity Theft PINS available to all affected breach victims. Here is NCLC’s statement.

Ron Lieber of the NY Times has a helpful article on how to protect yourself following the breach. The article is here.

After the news of the Equifax data breach, lots of companies are advertising their services to prevent identity theft.  A NY Times article dated today on these companies points out that these services vary greatly, both in reputation and in offerings. Signing up also requires consumers to entrust yet another corporate entity with their most sensitive data — many of the same details stolen in the Equifax breach — while entering into legal agreements filled with fine print that leads consumers to give up many rights. Some of the more prominent services also have questionable histories. The Government Accountability Office counts at least 16 federal enforcement actions taken against providers of identity theft protection — financial institutions among them — for various infractions, according to a March report.

Kathleen Pender of the SF Chronicle published articles on Equifax’s announcement it was temporarily waiving security freeze fees (here) and why its offer is not nearly enough here).


  • 1736 Stockton Street
    Ground Floor
    San Fransisco, CA 94133
  • (415) 651-1951