Skip to main content

Top 10 ways to protect yourself in the wake of the Equifax data breach

Credit report warning

Whether or not you are among the millions of people affected by the recent Equifax data breach, there are several steps you can take to respond when your personal information is exposed in a data breach. 

We outlined several identity theft tips for you last week. Since then, people have been asking many questions and we will continue to work to provide answers—or point people to other resources that may help make the situation clearer. 

Free credit monitoring offered by Equifax

Equifax is offering a free monitoring service to anyone—not only those who are affected by this breach. Since this is a free service, you should consider signing up for this service, if it makes sense for you, by visiting equifaxsecurity2017.com .

Any time you are offered free credit monitoring, make sure you check for:

  • Trial periods
  • Fees
  • Cancellation requirements
  • Other restrictions, such as automatic renewals
  • Whether you are being asked to give your credit card, debit card, or bank account information

If you don’t give your credit card, debit card, or bank account information, that helps to avoid getting automatically renewed and charged for something that you expected to be free. This will also help to make sure you don’t face unexpected fees, charges, or other limitations.

Credit monitoring and arbitration

In the initial response to the data breach, people were concerned over an arbitration clause to enroll in Equifax’s TrustedID program for credit monitoring. Originally, this clause stated that claims and disputes against the company would be settled by arbitration, as opposed to in a court of law. 

In an update for consumers , Equifax announced that it has removed the arbitration clause language from its terms of use for the credit monitoring product, called TrustedID Premier. With this change, the company has stated that anyone who enrolls in the company’s free credit file monitoring and identity theft protection will not waive their right to pursue legal action or join a class-action lawsuit concerning the cybersecurity incident or the TrustedID Premier product provided in response to that incident, should you choose.

Top 10 ways to protect your personal information from being misused

1. Review your credit report. You are entitled to a free credit report every 12 months from each of the three major consumer reporting companies (Equifax, Experian and TransUnion). You can request a copy from AnnualCreditReport.com

2. Consider a security freeze. A security freeze or credit freeze on your credit report restricts access to your credit file. Creditors typically won’t offer you credit if they can’t access your credit reporting file, so a freeze prevents you and others from opening new accounts in your name. In almost all states, a freeze lasts until you remove it. In some states, it expires after seven years.  

3. Set up a fraud alert. Fraud alerts require that a financial institution verifies your identity before opening a new account, issuing an additional card, or increasing the credit limit on an existing account. A fraud alert won’t prevent lenders from opening new accounts in your name, but it will require that the lenders take additional identification verification steps to make sure that you’re making the request. An initial fraud alert only lasts for 90 days, so you may want to watch for when to renew it. You can also set up an extended alert for identity theft victims, which is good for seven years.

4. Read your credit card and bank statements carefully. Look closely for charges you did not make. Even a small charge can be a danger sign. Thieves sometimes will take a small amount from your checking account and then return to take much more if the small debit goes unnoticed.

5. Don’t ignore bills from people you don’t know. A bill on an account you don’t recognize may be an indication that someone else has opened an account in your name. Contact the creditor to find out.

6. Shred any documents with personal or sensitive information. Be sure to keep hard copies of financial information in a safe place and be sure to shred them before getting rid of them. 

7. Change your passwords for all of your financial accounts and consider changing the passwords for your other accounts as well. Be sure to create strong passwords and do not use the same password for all accounts. Don’t use information such as addresses and birthdays in your passwords. For more tips on how to create strong passwords read more from the Federal Trade Commission (FTC)

8. File your taxes as soon as you can. A scammer can use your Social Security number to get a tax refund. You can try to prevent a scammer from using your tax information to file and steal your tax refund by making sure you file before they do. Be sure not to ignore any official letters from the IRS and reply as soon as possible. The IRS will contact you by mail; don’t provide any information or account numbers in response to calls or emails.

9. Active duty servicemembers are eligible for additional protections, and should also monitor their credit carefully. Learn more about what you can do if you’re currently serving at home or abroad.

10. If you are the parent or guardian of a minor and you think your child’s information has been compromised, here are some steps from the FTC you can take to protect their information from fraudulent use. If you think you or your child’s identity has already been stolen you can follow checklists and additional steps provided by the FTC to begin recovering from a case of identity theft. 


Join the conversation. Follow CFPB on X (formerly Twitter) and Facebook .