This story was updated Tuesday, September 12.
Here's another one for the data-breach record books: An estimated 143 million U.S. consumers may have had sensitive personal information exposed to hackers in a major breach involving Equifax, one of the nation's three major credit bureaus.
Even if you've never used Equifax services, your information could be at risk — the company collects data from credit card companies, banks, retailers and other lenders who report credit activity to any number of credit-reporting agencies.
Here's how to check if your information has been compromised and, if so, what you could do about it.
How to Check If You Could Have Been Affected
In the aftermath of the breach, Equifax has set up a site for users to check whether their information may have been exposed.
You'll be prompted to provide your last name and the last six digits of your Social Security number; if the company suspects your info could have been compromised, you have the option to enroll in the credit bureau's TrustedID Premier services on a specific date. This is normally a paid credit-monitoring service that the company is offering free for one year, regardless of whether or not your information was part of the group that was impacted.
But Take Note: Some critics have slammed Equifax for asking for part of your Social Security number in order to check whether you were affected, and some people who have read the fine print found language that indicates if you enroll in TrustedID, you could be giving up your rights to sue. So it's important to weigh these risks before you use the site or the service.
What Information Could Be at Risk
Users' names, Social Security numbers, birth dates, addresses and some driver's license numbers could be impacted. The credit card numbers for approximately 209,000 consumers and personal identifying information from dispute documents for an estimated 182,000 consumers had also been accessed. Equifax will send direct mail notifying consumers if their credit card numbers or dispute documents were compromised in the cybersecurity breach.
Hackers had access to Equifax data from May to July 2017, and the breach was detected July 29.
What to Do Next
If you're concerned about identity theft, placing a fraud alert on your credit requires businesses to verify your identity before it issues a line of credit; this can make it harder for identity thieves to open new accounts in your name. If you notify one credit reporting agency, it will also notify the other two to do the same. Fraud alerts set with the three major credit bureaus are free, last for 90 days and can be renewed.
To prevent misuse of existing accounts, you may consider freezing your credit with each of the three major credit-reporting agencies. This means no new lines of credit can be opened under your name unless you use a personal identification number to "thaw" your credit for legitimate applications. Freezing your credit can cost around $5 to $10 depending on where you live; thawing your credit temporarily to apply for a new line can be free or up to $10.
Services like Lifelock, EZ Shield and Identity Guard provide further fraud protection, according to Al Pascual, a senior vice president and research director at the security firm Javelin, as told to MarketWatch. Paid membership can mean access to help correcting identity theft issues and black market website surveillance.
And as always, check your online bank, credit and insurance statements frequently to monitor any suspicious activity. Equally key is requesting your annual free credit report from each of the three major bureaus by visiting AnnualCreditReport.com. Check that all your personal information is accurate and there are no new open lines of credit you don't recognize. The Federal Trade Commission has more information about how to handle a data breach, protecting your identity and more.