The credit monitoring company Equifax has been hit by a mammoth hack that is one of the most serious data breaches of all time. This is not yet another day, yet another data breach — you need to take action and quickly to protect yourself and loved ones.

The data beach is simply enormous, both in size and richness of leaked data. Equifax announced that as early as mid-May 2017, 143 million US consumers were affected after unauthorized access of their data. The hack was discovered by Equifax on July 29th and it’s now taken the credit agency two months to announce the details, so consumers may already be affected.

The data breach is not 143 million email addresses or passwords. It’s detailed personal information — birth dates, Social Security numbers, addresses, and driver’s license numbers are all out there. Given social security numbers can’t be changed, this is highly valuable data for hackers that will remain useful for years to come.

For some particularly unlucky 209,000 US consumers, it’s their personal information, along with financial information and credit card data, which is another magnitude worse. For another 182,000 US consumers, certain ‘dispute documents’ with sensitive ‘personal identifying information’ were also accessed.

Equifax have set up a site where you can check if your data was compromised, although initial reports suggest that it’s frustratingly unclear – either telling affected people to check back again after September 13th, or seemingly confirming that data was breached with the line: “Based on the information provided, we believe that your personal information may have been impacted by this incident.”

Many people aren’t affected immediately by a data breach, but months or years later when their identity is fraudulently used. In an awful irony, this also can damage your credit score.

What you can do to protect yourself

Unfortunately, the onus is on thoroughly checking your financial statements and information closely. This includes checking for new credit applications that have been filed on your behalf by someone else or late payments on debts that don’t appear to be your own.

Equifax is offering a year of free credit monitoring and identity theft insurance for all US consumers via TrustedID Premier, regardless if you were hacked or not. (Users are reporting that the fine print says signing up for this free year may forfeit your right to sue Equifax for their data breach, so if your data was breached, do consider alternatives such as Credit Karma). Just 12-months coverage isn’t recommended either, you’ll be wanting checking for some years in the future.

It may be worth investigating putting a security freeze or credit freeze on your account

For those that appear to have had significant data breached, it may be worth investigating putting a security freeze or credit freeze on your account. This puts a lock on your Social Security number to prevent new lines of credit being opened.

Krebs On Security has some details in an old post on embracing a security freeze, while the Federal Trade Commission has more information on credit freezes as well.

Fraud alerts are another useful tool that you can set-up by contacting one of the major credit card bureaus — you can ask these companies to set an initial alert that lasts 90 days. A fraud alert set on your account forces credit card companies to take additional steps to verify your identity for legitimacy before opening an account. Fraud alerts are free.

It’s not your fault, but more protection always helps

There’s not a lot you can do about breaches of your data from a third-party. You trust these supposed stewards with your highly-sensitive information, and they fail you all too often.

However, what you can do is to double-check the security on your own devices and accounts. Two-factor authentication remains the best starting point, with the next best point being to never use the same password on different accounts.

We’ve also taken a look at the best security apps you can use for privacy and security on your Android device, including password managers, VPNs, private browsing apps, and more.

Read next: How to protect your privacy using Android


If you’re interested in protecting yourself with a virtual private network, you may consider checking out IP Vanish. Although somewhat expensive compared to bargain VPNs or freebies, IP Vanish keeps no logs and we’ve found it works well on Android. In disclosure, we do have an affiliate relationship with IP Vanish and may see a small percent of any purchases, but it’s a service we would recommend anyway.