Credit-reporting company Equifax has just announced a major cyber security breach that has exposed the data of approximately 143 million U.S. consumers.

What data was exposed?

The company says the following data was accessed:

  • names
  • Social Security numbers
  • birth dates
  • addresses
  • driver's license numbers
  • credit card numbers (approx. 209,000 U.S. consumers)
  • dispute documents (approx. 182,000 U.S. consumers)

Equifax says the data of some UK and Canadian residents may have been exposed as well.

When did this happen?

The company discovered the intrusion on July 29 and believes the intrusion happened between mid-May and July 2017.

What did Equifax do when it discovered the intrusion?

The company says it immediately took action to stop the breach. It also hired a cybersecurity firm to learn more about the breach and determine how much data was exposed:

The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company's investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

How can I determine if my data was exposed in the breach?

Equifax has set up a dedicated website, www.equifaxsecurity2017.com where U.S consumers can determine if their data was impacted.

To determine if you were potentially impacted by the breach, you can visit the Equifax security site and enter your last name and the last six digits of your Social Security number (no, the irony is not lost on us). If you were impacted, you'll receive a message indicating just that.

The company is also offering free credit file monitoring and identity theft protection:

The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.

The company says it will mail out notices to consumers whose credit card numbers and dispute documents were exposed in the breach.

What can I do if my data was exposed in the breach?

You should absolutely take advantage of the free credit file monitoring and identity theft protection. You should also do the following:

  • Obtain a free copy of your credit report from Equifax, Experian, and TransUnion by requesting the documents on the Annual Credit Report site. ( Note: You can do this once a year for free. )
  • Place a credit freeze or fraud alert on your identity. You can learn more about placing a credit freeze here and learn more about placing a fraud alert here.
  • The FTC recommends filing your taxes early. If someone steals your personal data and files your taxes, they can use it to claim a tax refund or get a job.
  • Stay vigilant. Exposed data can be used in fraudulent calls, emails, and other messages.
  • If your driver's license number was stolen, contact your local Department of Motor Vehicles and explain the situation.
  • Visit IdentityTheft.gov for more information.