Skip to content

Steps to Take Following the Equifax Breach

Note: this article was sent last month to clients immediately following the Equifax data breach.

This month’s post concerns steps to take following the Equifax breach. There is lots of information in the public domain (here is one at, but you might find some of it conflicting. Also, if you have followed some of the steps in the preceding article, the Equifax website has been frustrating for millions.

I can speak to these steps having been impacted by the Blue Cross/Blue Shield data breach some time ago! So far, no identity fraud has been detected, although I think about it with every transaction I make.

Step 1: Assume you are impacted

Equifax has been very cagey about stating whether consumers have been impacted by the breach. If you go to and enter your information, you may get a message that says you “may” be impacted. They announced at one point they would be contacting those impacted by e-mail. I know we have received nothing, have you?

Given the size of Equifax’s business in the credit reporting industry, you should assume you are impacted. So then what?

Step 2: Freeze your Credit

Contact the three major credit reporting agencies and freeze your credit. This means that you are sealing your credit reports; the company provides you with a PIN that only you know, which you can use to “unfreeze” your credit for legitimate inquiries on your credit. This means that even if crooks get your information, they cannot open new credit in your name.

You can do this online (assuming you have good computer security set up) or by phone. Clark Howard, who is a debt expert has a good guide to freezing credit at all three agencies. It can be found at

Step 4: Use a Credit Monitoring Service

There are many available, including at the credit reporting agencies. Equifax is offering one for free to those impacted by the breach, but when I tried the link at their website, I got a message saying I would have to wait until September 14th (this was on the 9th). Since I already have another service, I am not pursuing theirs.

(Equifax also has a statement regarding the monitoring service that clients using it waive their rights to a class action suit; some commentary points out that this applies to the monitoring service, rather than the breach itself. But waiving rights to either is not good.)

If you do not already have a service, I recommend you not wait. Also, you may not feel so good about letting the company who had the breach do the monitoring.

Instead, you may want to use, which is also free and provides credit reports, which by the way, you should probably check.

Step 5: Beware Phishing Messages and Phone Calls

Once someone has your information, you may be a particular target for scams via e-mail and by phone. When e-mail arrives concerning something financial, be sure to contact the entity directly, rather than by clicking on a link provided in the message. Look for misspellings and grammatical mistakes, which can be an indication of a fraudulent message. Do not answer the phone for numbers you do not recognize, and carefully evaluate any voicemails you receive.

Step 6: Go to the Social Security Website and Establish 2-Step Authentication

The website is I think it is self-explanatory why you would want to do this one.

Step 7: Use 2-Step Authentication at Any Website with your Credit Card Number

For example, offers this, and it would be desirable anywhere you have a credit card on file. You may also want to think about where you do have credit cards on file and delete them if they are not absolutely necessary to use a site. It may be worth typing that information in over again, especially if it is a site you do not use frequently and may forget that your card information resides there.


I hope none of you have any trouble from the Equifax situation. Please take this issue seriously and do what you can to protect yourselves. Best of luck!