Still Haunted by the 2017 Equifax Data Breach?

Jack O'Lanterns Haunted by the 2017 Equifax Data Breach

Ghosts, goblins and ghouls – October is a scary time of year!  Are you still haunted by the Equifax Data Breach of 2017?

What Happened?

To refresh, if you have established any type of credit, be it a credit card, car loan or mortgage, there is a credit report on you. At least 143 million consumers’ personal information was compromised in a data breach at Equifax during May – July 2017. Equifax is one of the top three credit reporting agencies in the US, which includes Experian and TransUnion. In my family one in three adults was affected.  My mother and I were not impacted by the breach but my husband was.

According to Equifax, hackers obtained people’s names, Social Security Numbers (SSN), birthdates and some driver’s license numbers. They also stole credit card numbers and dispute documents containing personally identifiable information (PII). The most important piece of information is your SSN.  It can be used to open bank accounts, credit cards, apply for benefits and file taxes. What a nightmare!

What’s the Status?

The Equifax 2017 Cyber Security Incident Settlement was approved in January 2020. If you were affected, you should have been issued credit monitoring instructions and an activation code by email or by mail by February 25, 2022.

If you were not notified and believe you may have been a victim, it’s not too late to find out and take action. Federal law requires that each of the three credit reporting agencies provide a free annual credit report every 12 months if you ask for it. You many request all three reports at one time or one at a time.

Due to Covid, many people have faced financial hardship so everyone is now eligible to receive a weekly credit report from all three credit bureaus through December 2023. Also, everyone in the U.S. can get six free credit reports per year through 2026 by visiting the ,Equifax website or by calling 1-866-349-5191. This is in addition to the one free credit report available through

What Can YOU do NOW?

1. Find out if you may have been part of the breach. Click on the link (or copy into your browser) You will need to enter your last name and the last 4 digits of your SSN so make sure you’re doing so on a secure computer and an encrypted network connection.

2. You may be eligible to file a claim during the Extended Claims Period if you have not received reimbursement for the claimed loss through other means.

3. If you were a victim you will be eligible for at least 7 years of free assisted identity restoration services to help you remedy the effects of identity theft and fraud. Services will be available for at least 7 years after January 11, 2022 (the Settlement Effective Date).

Don’t be Tricked in the Future!

Even if you were NOT affected by the 2017 Equifax Data Breach, identity theft is on the rise. You should take advantage of the free credit reports available to you. In addition, consider the following proactive preventative measures:

Consider Placing a Credit Freeze

This makes it harder for someone to open an account in your name. You will be provided with a password or pin which you must retain. You will need to lift the credit freeze if you apply for new credit such as a car loan or new credit card so keep it in a safe, secure place. (There may be a nominal fee to lift the freeze). Remember, a freeze doesn’t prevent charges to your existing accounts that may have been compromised.  That’s why it’s important to monitor your financial accounts for any suspicious activity and report it immediately.

Shred Documents that Contain PII.

In general, only two pieces of personally identifiable information, such as name and address, together with your SSN are all that’s needed to steal your identity. Old tax records, credit card and bank statements contain that information. In an effort to combat identity theft, many communities and organizations sponsor community shred days, usually in the spring and fall. To find one near you, google “Community Shred” and your town or neighborhood. In addition, office supply businesses and services frequently provide shredding service.

Destroy Media that Contains Data

Hard drives, SIM cards, thumb drives, and even old mobile devices, probably contain at least some of your personal information. Today’s average hard drive holds 7.8 terabytes of data which is approximately 117,000 cases of paper! No wonder hackers have replaced dumpster divers! While a commercial data breach such as that of Equifax is harmful to many people, a breach of your own data would be just as devastating to you personally. Make sure anything and everything that may contain data that could lead to identity theft, or special forms of identity theft such as tax, medical or child identity theft, is destroyed so it doesn’t wind up in someone else’s hands.

Sometimes data destruction of hard drives and other media is available at community shred events but most often, employers offer the opportunity to their employees when they destroy the devices that contain their corporate data. Ask your employer if this is an option. If not, contact Electronics Value Recovery, Inc. to learn more about setting up a corporately sponsored employee event.

Even More Scary!

As if the breach itself isn’t scary enough, scammers are taking advantage of data breach. They pose as someone from the organization where the breach occurred and ask you to verify your “account” information and try to get your money, personal information or your entire identity. If you are called regarding a breach, do not provide or verify personal information. Never give out this information unless you initiated the call. And don’t trust caller ID. Scammers can spoof their numbers to trick you into answering.

But just as October has one of our scariest holidays, it’s also Cybersecurity Awareness Month. To find out more about how to protect your privacy, or if you think you’ve been scammed, contact the Identity Theft Resource Center (ITRC) or the Federal Trade Commission at These sites outline the steps you need to report and recover.