Equifax's giant breach just got bigger: What you need to know

Jeanine Skowronski


Jeanine Skowronski

Jeanine Skowronski

Former Head of Content at Policygenius

Jeanine Skowronski is the former head of content at Policygenius in New York City. Her work has been featured in The Wall Street Journal, American Banker Magazine, Newsweek, Business Insider, Yahoo Finance, MSN, CNBC and more.

Published October 3, 2017 | 2 min read

Policygenius content follows strict guidelines for editorial accuracy and integrity. Learn about our editorial standards and how we make money.

News article image

Well, hate to say I told you so, especially in cases of very sensitive personal information finding it's way into the hands of hackers, but the offical number of people affected by Equifax's already giant data breach just got bigger.

In a press release issued Tuesday, the company said an additional 2.5 million U.S. consumers were potentially impacted in the breach it disclosed in early September.

That brings the total to 145.5 million people — which amounts to just over 45% of the U.S. population. But there is some (sort of) good news: Mandiant, the cybersecurity firm Equifax hired to investigate the breach, has completed the review meant to finalize those numbers. And it didn't identify any evidence of additional activity, so those 2.5 million consumers were compromised in the mega-breach, not during a subsequent one.

The revised numbers aren't exactly surprising. As I wrote shortly after news of the breach broke, data breaches have a habit of growing. Case in point: the Target data breach of 2013, which grew to 70 million affected customers from an initially announced 40 million.

How will I know if I'm on the Equihacked list?

Equifax is mailing written notices to the additional 2.5 million U.S. consumers identified since its September announcement. It's also updated its breach website EquifaxSecurity2017.com tool to include these customers, so you can go ahead and check there ASAP.

How to protect yourself after the Equifax breach

Equifax is offering free credit monitoring and identity theft monitoring to consumers following the breach. People have until the end of January 2018 to sign up, and have until the end of January to take Equifax up on its offer of a free credit freeze, which blocks access to your credit and, subsequently, thieves opening fraudulent accounts in your name. Equifax's new interim CEO Paulino do Reo Barros Jr. also announced the credit bureau was working on a new free product that would let people control access to their credit report in real time. It's slated to launch by Jan. 31.

To be clear, none of these options are a failsafe against identity theft. Equifax is just one of three major credit bureaus — Experian and TransUnion are its cohorts. And a lender can pull a credit report from any one of them at any given time, so unless you freeze all three credit reports, a fraudulent account could conceivably get opened in your name.

Plus, credit freezes and credit monitoring don't protect against every type of identity theft out there. You still need to monitor credit and debit card accounts for fraudulent charges. And, given the Equifax breach involved Social Security numbers, taxpayer identity theft and even medical identity theft are still something you need to look out for.

In other words, you still need to take action. Fortunately, we've got a full guide to surviving Equifax's data breach right here and you can also check out our primer on spotting identity theft as you move to protect yourself.

Image: Martin Dimitrov