Credit monitoring agency Equifax revealed shocking news late September 7: A data breach of the company’s servers from mid-May through July 2017 resulted in the theft of the personal information of up to 143 million U.S. consumers—a huge chunk of the country’s 324 million population. Equifax says the breach leaked highly sensitive information, too, including “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.”
That’s everything crooks need to open up credit lines in your name, or worse. And now it’s in nefarious hands.
Editor’s note: This article was originally published September 8, 2017, but has been updated with information about Equifax waiving credit freeze fees and the FTC’s warning about fraudulent phone calls.
Equifax hack: Was I affected?
Shamefully, Equifax won’t be contacting most of the 143 million victims directly to let them know they’ve fallen prey to data hackers. The hackers also swiped credit card numbers for 209,000 people, and “certain dispute documents with personal identifying information” for 182,000 more. Equifax will mail those particular victims—far less than 1 percent of everyone affected—a notice that they were affected by the breach.
Finding out if you were affected by the Equifax hack is trickier (and murkier) if you’re not part of that sliver. Equifax created the www.equifaxsecurity2017.com website for U.S. consumers to “see if your personal information is potentially impacted.” Let’s be frank: It looks like a fraud site. It’s frighteningly bare-bones and runs on WordPress, the URL differs from Equifax’s main site, some browsers were throwing up phishing warnings due to back-end configuration issues, and Equifax even asks for your social security number to confirm whether it leaked your social security number. Those are all classic signs of a malicious phishing site, but fear not: equifaxsecurity2017.com is legitimate.