Equifax reveals full scope of last year’s data breach

Young man working in the office with a worried look on his face as he stares at his laptop Young man working in the office with a worried look on his face as he stares at his laptop Image:

Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors' opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when it’s posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Equifax has revealed that its massive data breach impacting 147.9 million people goes beyond the theft of consumers’ names, Social Security numbers and birthdates.

In a filing to the SEC, the credit reporting company provided a table detailing the breach, revealing that approximately 99 million addresses and 17.6 million driver’s license numbers were exposed. The breach also exposed other information on the 147.9 million consumers affected, including …

  • Phone numbers of approximately 20.3 million consumers
  • Email addresses of approximately 1.8 million consumers
  • The gender of approximately 27.3 million consumers

Equifax also disclosed that its online dispute portal, which people can use to challenge items on their credit reports, was compromised in the cyberattack. This resulted in the exposure of approximately 56,200 images of government-issued identification documents, including photos of people’s driver’s licenses, passports, Social Security or taxpayer ID cards, and other identity documents.

The company says it does not expect to identify any additional consumers impacted by the attack.

What does this mean for you?

The Equifax security breach is worse than originally thought, potentially having a deeper impact on those affected.

In September of 2017, the company initially reported that hackers accessed the data of up to 143 million consumers in the U.S., which included Social Security numbers, birthdates, addresses, credit card numbers and driver’s license numbers.

In the following months, Equifax updated its estimated number of affected people twice. In October 2017, it announced an additional 2.5 million consumers were exposed. And in March of this year, the company revealed an increase in the total number by another 2.4 million — bringing the total tally to 147.9 million.

And now, we’re seeing the full extent of the breach — learning that sensitive information from the impacted consumers, like phone numbers, email addresses and even gender, were also exposed.

Why should you care?

Some victims may have had multiple types of information stolen in the Equifax breach. This could mean that hackers have their hands on even more information they can use to open up new credit card accounts or take out loans in another person’s name.

What can you do?

First of all, find out whether the breach impacts you.

Equifax has a website — equifaxsecurity2017.com — that lets you see whether your personal information was stolen in the initial data breach. (The people whose partial driver’s license information was taken will be notified by U.S. mail.)

Whether your data was compromised in the recent Equifax breach or not, you can be proactive in reducing your risk by monitoring your personal information. Here are some tips that can help you reduce your risk of identity theft in the event of a future public data breach.

  1. Use free credit monitoring tools, like Credit Monitoring from Credit Karma. It can alert you when there are important changes on your TransUnion® or Equifax® credit reports, which can help you spot errors.
  2. Get free copies of your credit reports.You can obtain your full credit reports from each of the three major consumer credit bureaus — TransUnion, Equifax and Experian — once every 12 months.
  3. Freeze your credit. A security freeze is a great way to restrict access to your information, as it prevents prospective creditors from pulling your credit reports, which could block someone from using your personal information to take out a loan or new credit card in your name. Just know that you won’t be able to apply for a loan or credit card until you unfreeze your credit.