Get the app
Get the app

Join millions of investors on Stash

Investing, simplified

Start today with as little as $5
Get the app
Money News

The Equifax Hack: What You Need to Know

September 08, 2017

  • Cybercriminals stole the personal details of 143 million consumers from Equifax, one of the three credit reporting bureaus in the U.S.
  • Criminals can use that information to set up fraudulent credit accounts in your name, and to commit other crimes.
  • If your identity has been stolen, there are steps you can take to recover, including contacting local authorities.
4 min read

News no one wants to wake up to: You may be one of millions of Americans now at risk for identity theft.

On Thursday the credit reporting agency Equifax said it had been the target of a massive cyber attack from mid-May through July.

What is Equifax?

Equifax is one of three credit reporting agencies, or bureaus. The others are Experian and Transunion. Credit reporting agencies collect data on consumers related to all aspects of their financial lives, including bank and credit card account information, mortgages, and bankruptcies. They file this information in something called a credit report.

Credit reporting agencies also create something called a credit score, ranging from 300 to 850; the latter is considered perfect credit. Credit scores affect the cost of loans, and all consumers who have applied for credit have a credit score.

What happened?

Equifax said cybercriminals gained access to its network by exploiting a website vulnerability, making off with the personal information for 143 million U.S. consumers ( nearly half the country’s population). That information included names, addresses, social security numbers, birth dates, and in some cases driver’s license numbers.

Additionally, criminals walked away with credit card details for 209,000 consumers, and personally identifying information related to credit disputes for an additional 182,000 consumers.

This kind of stolen information is bought and sold by criminals on the black market, and via something called the Dark Web.

Numerous other companies in recent years have suffered big hack attacks resulting in the loss of important customer data. Two such attacks include Yahoo, where names and email addresses for 3 billion customers were stolen in two separate attacks staring in 2013, and JPMorgan Chase which lost names and log-ins for about 80 million accounts in 2014. The Equifax hack attack, however, is the most significant such breach in terms of potential damage to consumers, financial experts said.

“On a scale of one to 10, this is a 10 in terms of potential identity theft,” Avivah Litan, a senior security analyst for research firm Gartner told the New York Times on Thursday. “Credit bureaus keep so much data about us that affects almost everything we do.”

The breach is also problematic because credit reporting agencies including Equifax provide services to consumers that monitor credit behavior for risk from fraudsters.

What could this hack mean for me?

What does this mean for investors?

The breach is bad news for Equifax, a publicly traded company entrusted with some of the most valuable information that consumers have.

As a side note, three top Equifax executives, including the company’s chief financial officer, sold stock worth nearly $2 million immediately following the breach, according to various reports. In response, Equifax said the executives had no knowledge of the break in prior to the sale, the Wall Street Journal reports.

On Friday, Equifax stock fell nearly 15% to $121 in early morning trading .

Note: Global Citizen, an ETF on Stash contains a small amount of stock in Equifax.

Equifax said cybercriminals gained access to its network by exploiting a website vulnerability, making off with the personal information for 143 million U.S. consumers ( nearly half the country’s population).

What can I do about it?

There are things you can do to protect yourself. Before you start panicking, read this:

Credit monitoring. Equifax says it will provide one free year of credit monitoring services, which consumers can sign up for online. It requires entering the last six digits of your social security number and last name. If you sign up, you’re agreeing to arbitration related to the use of Equifax’s credit monitoring service, but not for the hack attack itself, the company says.

Consider freezing your credit. This is a security measure that will make it more difficult for cybercriminals to open a new line of credit in your name. You can find out more about that here.

Change passwords for all online accounts, and regularly update them. This can include email, as well as financial accounts. Use two-factor authentication when possible. Various online services exist to help you secure your accounts. LastPass is one example. There are many others. Just because it is so important, we will say this again:  If any websites you use offer two-factor, turn it on.

Report it. If you become the victim of identity theft, report it to your local police department. Also file a report with the Federal Trade Commission, which can help you create an identity theft recovery plan. You can do that here.

Check your credit report for irregularities. You’re entitled to a free copy every year from each of the three credit reporting agencies.

Contact your local DMV if you believe your driver’s license number was stolen.

Contact the Social Security Administration if you believe someone has obtained, or is fraudulently using your social security number. The agency’s website can be found here.

Want to know more about the steps you can take to protect yourself? Click here.

By Jeremy Quittner
Jeremy Quittner is the senior writer for Stash.

Next for you
What’s the Big Deal About a Government Shutdown?

Investment Profile

Bonds Worldwide

An International Bond ETF on Stash

Learn more
Explore more articlesChoose a topic to learn more about
budgeting social media Careers market news Technology

This material has been distributed for informational and educational purposes only, represents an assessment of the market environment as of the date of publication, is subject to change without notice, and is not intended as investment, legal, accounting, or tax advice or opinion. Stash assumes no obligation to provide notifications of changes in any factors that could affect the information provided. This information should not be relied upon by the reader as research or investment advice regarding any issuer or security in particular. The strategies discussed are strictly for illustrative and educational purposes and should not be construed as a recommendation to purchase or sell, or an offer to sell or a solicitation of an offer to buy any security. There is no guarantee that any strategies discussed will be effective.

Furthermore, the information presented does not take into consideration commissions, tax implications, or other transactional costs, which may significantly affect the economic consequences of a given strategy or investment decision. This information is not intended as a recommendation to invest in any particular asset class or strategy or as a promise of future performance. There is no guarantee that any investment strategy will work under all market conditions or is suitable for all investors. Each investor should evaluate their ability to invest long term, especially during periods of downturn in the market. Investors should not substitute these materials for professional services, and should seek advice from an independent advisor before acting on any information presented. Before investing, please carefully consider your willingness to take on risk and your financial ability to afford investment losses when deciding how much individual security exposure to have in your investment portfolio.

Past performance does not guarantee future results. There is a potential for loss as well as gain in investing. Stash does not represent in any manner that the circumstances described herein will result in any particular outcome. While the data and analysis Stash uses from third party sources is believed to be reliable, Stash does not guarantee the accuracy of such information. Nothing in this article should be considered as a solicitation or offer, or recommendation, to buy or sell any particular security or investment product or to engage in any investment strategy. No part of this material may be reproduced in any form, or referred to in any other publication, without express written permission. Stash does not provide personalized financial planning to investors, such as estate, tax, or retirement planning. Investment advisory services are only provided to investors who become Stash Clients pursuant to a written Advisory Agreement. For more information please visit