Cybersecurity Alert: Equifax Data Breach Affects 143 Million Customers

September 8, 2017

Threat Summary

On September 7, 2017, Equifax announced that personally identifiable information for 143 million customers may have been compromised in a breach that occurred between May and July of 2017. The data includes names, social security numbers, birth dates, addresses, and driver's license numbers. Equifax set up a website so customers can determine whether their data was impacted. The company is also offering free identify theft protection and credit file monitoring services.

Customers can enroll in the credit monitoring and theft protection program, TrustedID, starting on Monday, September 11. Originally, Equifax said anyone who signs up is not allowed to sue or benefit from a class-action settlement. However, the company quickly updated its position after public pressure and is now offering an opt-out provision. So customers can get out of the arbitration requirement by notifying Equifax within 30 days of starting the program. It's also important to note that Equifax is offering to monitor affected customers’ credit scores but is not helping to fix credit scores that may be negatively affected as a result of the attack.

For more information, see Equifax's consumer notice:

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures:

  • Be wary of identify theft, scams, and inbound phone calls that reference any of this data.
  • Monitor your credit score, credit card statements, and bank accounts for any suspicious activity.
  • Place a security freeze on your credit report with credit bureaus.
  • Avoid using the exposed information as part of security validation questions.

If you have any questions, please contact your ACA Aponix consultant or email us at