Equifax Data Breach, Genealogy and You

What, you may be asking, does the Equifax data breach this week have to do with genealogy?

The answer is actually twofold.

  1. Everyone who works with genealogy now lives in a technology world – or you wouldn’t be reading this.
  2. People tend to use pieces of information to secure accounts – like their mother’s maiden name, their address, birth location and other pieces of data that they can remember. Don’t. Just Don’t. I’m begging you!

And please, please read this article, even though it’s not specifically about genealogy. I spent 30 years in the technology industry, and believe me, if your identity is stolen or your finances compromised, it WILL interfere with your genealogy research, big time.

The Breach

I don’t normally discuss news items, but this security issue is mammoth, the largest breach ever, and could potentially destroy your credit and compromise your identity, either or both.

What’s worse yet, the breach itself occurred mid-May through July, Equifax discovered it on July 29th, but consumers weren’t notified until September 7th, 5 weeks and 5 days later, and then only in the news, not personally. That means that the crooks have had between 6 weeks and 4 months to use or to sell, or just hold your information to sell later.

You can read more about the breach here and here as well as a New York Times article with an update and additional instructions this morning, here.

Please do read those articles to understand the magnitude of this issue. The breach affects more than 143 million people, mostly Americans, with an additional 209,000 credit card numbers stolen as well, along with 182,000 “dispute documents” with additional information.

The US has about 260 million adults, so roughly 55% of the adult population has been affected by this breach. In other words, there is more than a 50% chance that your personal information, enough to file a tax return on your behalf and claim your return, among other things, is among thieves right now, on the black market.

And no, I’m not exaggerating.

Not. One. Bit!

AND, that’s just how many account records are known to be compromised. Equifax may not know the full extent of the breach.

If your spouse’s records are compromised, and yours aren’t, you may think one of you is safe.  But guess again – because your life, credit and resulting misery is inextricably linked together.

If one is breached, both are breached. Period. So the actual breach numbers may actually be closer to 100%, based on “breach by marriage.”

My husband and I have been working on this issue all day today (and no, we didn’t have anything better to do, thank you for asking) and discovered that our shared account numbers are listed, with both names, of course.  My accounts are his, and vice versa. Initially, only one of our Equifax accounts was reported as breached, which would have provided a false sense of security for one of us, until we looked closely.

However, later today, both accounts were reported as breached.

What Was Taken?

Equifax and other credit reporting agencies routinely track your credit history, including account numbers, as well as identifying personal information.

Information about consumers stolen from Equifax includes or may include:

  • Name and Addresses (current and old)
  • Credit History including balances and balance available
  • Account Numbers
  • Social security numbers (the hottest most desirable piece of your information for crooks)
  • Birth dates
  • Driver’s license numbers

The aspect that make this breach so serious is that it includes multiple pieces of information that should be unique to identifying you – such as your birthdate and social security number.  You can’t change those or get new ones to protect yourself – and the crooks know that.

Additional information in your file that Equifax has not said was or was not compromised includes:

  • Employer and position (current and former)
  • Employment dates
  • Phone numbers
  • Spouses name

I would presume that this too was compromised.

If you think your information isn’t at Equifax, you’re wrong, because Equifax, as well as the other credit reporting services, routinely gather identifying and financial information about everyone.

How Do I Find Out About My Information?

Equifax has set up both a telephone hotline (that is, *surprise*, entirely jammed) and a website for you to enter a partial social security number along with your surname to determine if your account was compromised.


Click on the tab at the top of the page that says “Potential Impact.”

If your data is not known to be part of the breach, you see a notice to that affect, but note that the wording is not definitive. It says:

“Based on the information provided, we believe that your personal information was not impacted by this incident.”

However, and this is a HUGE HOWEVER, when I tried this a second time, to be sure of the wording for this article, I got the opposite result for the same person, which said,

“Based on the information provided, we believe that your personal information may have been impacted by this incident.”

Bottom line, I don’t think Equifax knows for sure and their system appears to be flawed, so ASSUME YOUR DATA HAS BEEN BREACHED.

If your information is known to be part of the breach, you are given the option for free credit monitoring, BUT, you must remember to return to the site on a specific date to begin credit monitoring. Personally, I think they should be required to provide this service AT A MINIMUM for everyone, but they are not. Neither are they making it easy.

Equifax provides you with a date that you must return to their website to set up credit monitoring service. Mine was September 11th. You have to remember. They aren’t going to remind you. This credit monitoring service is initially free, but becomes a chargeable service at some point in the future AND you have to relinquish your right to sue in order to obtain this free service. So yes, strings are attached.

Furthermore, a free year of monitoring won’t help you in the future, beyond year 1, when the crooks still have your data. The crooks know this and may simply wait for a year to begin using the information. You must assume your data base been breached permanently and act accordingly.

Worse yet, a free year of monitoring at Equifax, or even permanent monitoring at Equifax won’t help you at the other reporting agencies.  The crooks can and will take your valuable information and simply use it elsewhere.

What Is Credit Reporting and Monitoring?

Credit reporting companies like Equifax gather information about you and your credit, including open and closed accounts, so that when you apply for a loan, the loan originator (the bank for example) only has to call one of three credit reporting services to obtain your information and verify that you are a good credit risk – instead of calling each of your current and past creditors individually.

Equifax is one of those services, along with Experian and Transunion.

A credit monitoring service, offered by a credit reporting company life Equifax, reports activity to you when it occurs on your account. That means if someone applies for a new credit card in your name, you are notified. That does NOT mean that the transaction is prevented. This also does nothing to stop other fraudulent activities, such as filing for your tax refund, running up medical bills in your name or charging items on an existing credit card.

Or, worse yet, using your information in your stolen Equifax account information to attempt to hack your passwords at banks, Paypal, etc.

There are other options for consumers, in addition to or instead of a credit monitoring service, such as a credit freeze or a fraud alert, which we’ll discuss just as soon as we talk about passwords and security questions.

Don’t Use Familiar Records as Part of Your Password or Security

Using information about you that is publicly available, or available in your credit report allows the crooks to crack your passwords much easier. And yes I’m referring here to passwords for financial accounts like bank accounts, retirement and investment accounts and Paypal.


• Your mother’s maiden name
• Your address
• Your previous address
• A pet’s or child’s name or any name that can be found publicly, on any service like Intellus or social media platform like Facebook
• A hobby that is discussed publicly in any way (so genealogy, DNA, genetic genealogy, quilting and gardening words are all out for me)
• The name of a school that you attended
• Your, your parents’ or grandparents’ birth locations
• A date such as a birthday or an anniversary
• Pretty much anything you can remember easily

Let’s look at steps you need to take to protect yourself.

Twelve Fourteen Steps to Protect Yourself Right NOW!!!

Yes, I added two more steps because it’s critical to protect yourself and your family, now. Please complete ALL of these steps to secure yourself.

First, check the Equifax site to see if your information is known to be breached. Regardless of their answer, assume that it has been.


Click on the Potential Impact tab.

Second, order a free credit report, which you can do once yearly, from Annual Credit Report at the link below. Do NOT fall for scam sites that offer free reporting or your credit score.


Order a report from all 3 credit reporting companies to be sure that no fraudulent activity has taken place to date and that your report is accurate.

Unfortunately, and somewhat maddeningly, when we attempted to order our free credit report online for Equifax, the process has changed and we now have to fill out a form.  Yes, I know their system is probably overwhelmed by this, BUT, making receiving a free credit report to which the consumer is entitled at a time like this difficult is reprehensible.  Do whatever you have to do to obtain your reports, because this breach is incredibly serious.  Do not be deterred.

Third, while credit monitoring only tells you what has already taken place, placing a fraud alert on your account means that a lender must contact you to verify your identity before issuing credit in your name. However, this can only be done for 90 days when it expires. You must renew it every 90 days at Equifax, Transunion and Experian, all three. Again, the results of this breach will be very real for years, so 90 days isn’t going to help you if you forget to call and put the alert on your account every 90 days.

Fourth, put a credit freeze on your account. A credit freeze actually freezes your account at the credit reporting agencies, meaning that if you are going to apply for credit, you have to go into your credit account and unlock your account with your pin to unfreeze the account, then refreeze it when you are done applying for new credit. The credit freeze service isn’t free in every state, but typically costs under $10, if anything, and is a whole lot less than the headaches you could have otherwise. Be sure to freeze your credit at all 3 credit reporting companies. This is what I’m doing. You can read more about this process here.

Fifth, many credit cards have an option to notify you when charges are made on your account through text messaging before the end of the month when your bill is sent. Visit your credit card provider to see if this option is available, enabling you to catch fraudulent credit card activity immediately instead of later when your bill arrives.

Sixth, monitor your credit card bills closely. Look back over your accounts since April. You might want to close any accounts you don’t need or use anymore.

Seventh, change your passwords on existing accounts, everyplace, just in case, especially any that include any piece of information that even MIGHT be held in a credit report or public location.

DO NOT use any type of identifying information such as your place of birth, mother or grandmother’s maiden name, or anything else that is in any way publicly available on a social media site, your tree at a genealogy site or anything else that can in any way be associated with you.

Eighth, at tax time, file your return immediately, as soon as possible. Guaranteed, if the crooks target you, they’ll file as soon as they can and you won’t find out you’ve been scammed until the IRS tells you that they already processed your refund and it’s long gone.

Ninth, be sure, absolutely positive, that your spouse takes these steps too, because if they are exposed, so are you!

Tenth, help family members that are not technologically savvy to be sure they are protected. The elderly are often targets.

Eleventh, this could not have happened at a worse time with hurricane Harvey in Houston and Irma positioned to strike Florida. Be sure family members in those locations who are distracted presently are aware that this security issue occurred, that their data may well have been breached, and that they need to take action – sooner rather than later.

Twelfth, take action NOW. Delay may well mean money – yours – gone – in someone else’s hands.

• Thirteenth, check your children’s names and social security numbers at the credit agencies.  Social security numbers of children are considered high value items, because they last so much longer. Young children shouldn’t be in the system, but teenagers, you never know and much better safe than sorry.

Fourtheenth, never ignore what seems like a “mistake” on a credit report, such as a misspelled name or an extraneous address.  On my husband’s report, his name was misspelled, only slightly, in one “odd” entry and it turns out that someone had run up bills in his name in another state.  When the creditor attempted to collect by contacting my husband, that’s when my husband discovered the issue. This also pertains to reported unpaid medical bills on your credit report.  I know of someone who supposedly had a baby and was billed by the hospital for an exorbitant amount after her identity was stolen.

You can visit the Federal Trade Commission site to learn more about identity theft and how to protect yourself.


Ok, when you’re done with all that, feel free to resume genealogy research!

However, from here forward, you can never be complacent or really rest easy, because your identity truly is in jeopardy, forever.

Please note that these actions may not be the only actions you’ll need to take to keep yourself safe, now, or over time.  This story and the ramifications are still developing.  Please educate yourself and follow credible news sources.



I receive a small contribution when you click on some of the links to vendors in my articles. This does NOT increase the price you pay but helps me to keep the lights on and this informational blog free for everyone. Please click on the links in the articles or to the vendors below if you are purchasing products or DNA testing.

Thank you so much.

DNA Purchases and Free Transfers

Genealogy Services

Genealogy Research

71 thoughts on “Equifax Data Breach, Genealogy and You

  1. I’m hunting and hunting for somewhere to check my cc # and don’t find it. The equifax link takes me to a press release type page but no directions for checking to see if my # is on the list.

  2. The Equifax USA website says “Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps”. There is no mention of a security breach on the Equifax UK website yet.

  3. Thanks! Yes, my wife and I are in the “possibly affected” group…lovely. I would add that you have to go to the “Check Potential Impact” on the website to get to the name and ssn test.

  4. Just now I had to apply for the “free” offer in order to input my ss # and found out it’s not listed. Small comfort since I don’t believe them. But why make this information contingent upon accepting the “free” credit monitoring service. I think you are 100% right. They will make money on this.

  5. For UK readers, it is possible to check your reports at all three agencies multiple times free of charge. Equifax – use ClearScore. Experian use MoneySavingExpert Credit Club. Call Credit (who work closely with Transunion) use Noddle. All are reputable portals.

  6. There is only one solution to this problem, and it involves the destruction of Equifax. I was one of the people who was affected by the breach, and rather than wait for Congress to do something, or a class action suit that results in a $20 check for you and me, and a multi-million dollar payday for some law firm that happens to win the race to file first, we have to treat this as something in our own hands as consumers.

    Write or email all of your creditors, asking them to not report credit information to Equifax, and especially not to pay Equifax for any credit reporting information. This will crush Equifax, and it will serve notice on TransUnion and Experian that they need to have military-grade security on the most sensitive information on consumers. Get this word out to your friends on social media, if enough of us tell our creditors that we are completely disgusted by the lax security and enormous time delay (during which time some insiders at Equifax made money by dumping shares of its stock), maybe they’ll consider punishing Equifax.

    It’s in their interests, too, cyberfraud costs creditors a lot of money, with having to reissue credit cards, track down fraudulent purchases, and pay the losses on bogus transactions. Do we really need three credit reporting bureaus, especially if one of them is grossly incompetent?

    We can get some further publicity if a petition at the White House gets noticed by the media. Regardless of what you think of the officials in whatever branch of government, the petition option at the White House always gets coverage if there is a sudden surge in interest for a new topic. This problem affects us all, no matter how we choose to vote.

    Please sign at:


    Thank you.

    • My letters are written, ready to mail. Not sure what my creditors will do, but your idea made me feel more pro-active.

  7. If you are hit with multiple identity theft occasions, Social Security will allow you to request a new SSN. It’s probably not an easy solution to get it done, but it can be done.

  8. Another item to be VERY concerned about is this. It is from CNBC, but I found it on multiple sources:


    Basically, by subscribing to their 1-year notification system, you will start being charged at the end of the 1-year period (minor – put a calendar reminder in your phone) but most importantly, it appears that you waive your rights to sue Equifax, rather, you must go to arbitration. Terrible, terrible, terrible.

      In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”
      So at least there’s that.

  9. Thank you for this post. Though I knew about the data breech, I have been lazy until you pushed me to act! The Equifax link is for that date or later, so it is OK if you don’t do it on that date. I do have to write away for my reports though, and it is time for me to get going. I am also going to request reports for my deceased parents, and suggest that for others as well — especially if you had joint accounts.. I will save this post. Thanks again.

  10. Thanks, Roberta for the article. I might want to mention that the length of time that was taken to ‘announce’ this by the CEO’s, concerned me because before it was announced (according to the news on one of the financial channels), the head bosses SOLD their shares. Whether this turns out to be true and there is something ‘odd’ about it, your advice is good for all of us.

  11. Roberta,

    Thank you for posting all this. I’ve always found Equifax difficult to get a credit report from. The other two are not.

    John Holmes Smith

  12. News reports that once you go yo their website, small print, you are giving up certaint rights.

    On Sep 9, 2017 12:40 PM, “DNAeXplained – Genetic Genealogy” wrote:

    > Roberta Estes posted: “What, you may be asking, does the Equifax data > breach this week have to do with genealogy? The answer is actually twofold. > Everyone who works with genealogy now lives in a technology world – or you > wouldn’t be reading this. People tend to use p” >

  13. Thanks for this post, Roberta. I have to say I’m having a devil of a time setting up credit freezes (no surprise, I guess!) Transunion was great — I could do it online and paid my fee (as a Texan, a fee applies to me). Experian — local to the D/FW area — also had an online site I located with some difficulty (many of their website links come up “not found”). Got all the way through the process and — guess what, I need to upload scanned docs (DL, bank statement w/ my address, etc.) Well, I had errands to run so figured to come back later; that URL to upload doesn’t work anymore.. ugh. And — Equifax — I won’t even get started! Can’t even get my free credit report from them through the annualcreditreport.com site… Still working this stuff. Ugh!

    But again, thanks! Seems like there’s not much news on this with so many news folks focused both on the hurricanes and certain political personalities.

  14. Thank you SO MUCH for taking the time to share that vital information!! So appreciated!

    Sent from my iPhone


  15. Thank you for taking the time to give us all the details. I’ve been working this for 3 hours! but its worth the time. Appreciate you sharing the information. By the way, the first time I tried to get my credit report from Equifax, their site was “down for maintenance”, but when I tried it again about an hour later, I was able to download a copy. The freezing and fraud alert processes were not user-friendly, but I’ll get it done – thanks to your blog.

  16. Thanks you so much, Roberta! If not for you, I wouldn’t have just now found out that my info has most likely been compromised by Equifax’s data breach, probably along with 90 percent of the rest of us. Also, when looking at one of my free reports, I saw that I initiated a credit inquiry about three weeks ago (NO I did not!!) Although I tried to go ahead and take care of that issue online, I was entered into a never-ending loop: finally I got a “we are sorry for the inconvenience, please re-submit at a later time.” I guess people are facing hurricanes and floods, and maybe I can wait a couple days. I have heard that all our data is for sale on “the dark web.” I wish someone would hack that!! Best wishes to everyone who is currently facing all these terrors we have bearing down on us!!

  17. Somewhat along the same lines, are the “Passcode Safes” such as Norton’s Identity Safe a good idea? If I understand correctly, you have one main password to log in to their “safe” when accessing, say, your credit cards online…sure would make life a lot easier.

  18. A friend of mine made the suggestion to me that another way we can help ourselves re: identity theft is to what amounts to a background check on ourselves. He pointed out to me the consumerfinance.gov website. On this page: https://www.consumerfinance.gov/ask-cfpb/what-are-specialty-consumer-reporting-agencies-and-what-kind-of-information-do-they-collect-en-1813/ is a summary of the kinds of companies that collect data on us in addition to the Big 3 credit bureaus. Also on at that page is a link to the CFPB’s 2016 listing of those companies, including their contact info and websites. In many cases, we can request a report (free or for a fee) from them to review the information as we do with the credit bureaus (hence my friend’s use of the phrase “background check”).

    I will certainly be checking into this.

  19. My husband and I have been dealing with identity theft and identity fraud for about 6 years now. The worst part is we KNOW who has been using our personal information. It sucks. You can have your social security changed if your identity is stolen, BUT it is a pain, you basically have no credit history after that and that can cause problems and headaches also. We freeze our credit and have an open investigation with the FTC. This website has helped a lot. https://www.consumer.ftc.gov/topics/identity-theft

    Best thing you can do for yourself is check your credit every 6 months to a year or more often than that. If you see things ALWAYS report them even file police reports and reports through the FTC. Roberta, I sure hope you don’t have to deal with the things we have….it’s a pain in the neck!

  20. Roberta, Thanks for this. We are busy ripping out sheetrock after Harvey and only have limited access to viewing the news. Very concise and informative.

  21. Pingback: Genealogy, Identity Theft and Equifax Update | DNAeXplained – Genetic Genealogy

  22. Thank you, thank you, thank you. I read about this in my local newspaper today, too, but found your information MUCH MORE helpful! I’ve gone to the site and enrolled in the program, but as you stressed over and over again, this is a LIFELONG problem for all of us now. Sometimes technology is a very, very bad thing…sadly. However, if it weren’t for technology, my family tree would be pretty darn empty. 🙂 Thanks again! By the way, I’m copying part of your article and posting to my FB page. Sure hope that’s OK with you. If not, please message me ASAP! As I said, you’re information was much more thorough and informative than what’s on the Experian site or in my newspaper!

      • Roberta – this is Lauren McGuire. Another link that’s very informative on Deed fraud-http://www.dre.ca.gov/files/pdf/ca/2012/consumeralert_forgedfraudulentdeeds.pdf

        On another note – I checked all of mine and my husband’s credit reports and saved them to PDF because there are too many pages to print out. Then it dawned on me that I have to delete the PDF’s from my computer and not to even consider emailing them to myself or keeping an electronic thumbprint of them anywhere. If anyone hacks into my computer or into my online backup (Carbonite) then all bets are off – a thief will be able to impersonate me with the credit bureaus.

        Since I still want a copy of them all, I’m going to grab a thumb drive and store it in a safe deposit box.

        Thanks again for all of your hard work in writing the two blogs on this matter!

  23. Thanks Roberta !!! That’s something I never would have known if it wasn’t for you. I told my husband about it and he said it was probably “fake news”. Boy how I dislike that new excuse for everything now days. I told him it wasn’t fake and when he asked why, I told because Roberta said it wasn’t……. He’s heard me talk about your DNA and genealogy articles for a long long time so he didn’t ask anymore questions, he knew exactly who I meant when I mentioned your name.
    Anyway, I was looking up more on it tonight on CNBC, Washington Post and etc. and they suggested not using Equifaxes Track ID protection. They said there was a deeply buried clause in it that would limit a person, or even exclude a person being encluded in a class action suit to recover damages if they use Track ID from Equifax. The reports also said Track ID is a trial, which some people may not realize. They also said for those who don’t realize it’s a trial, or even those who do know and forget to cancel, that it would be difficult for them to get out of the Track ID protection program which is somewhat pricey.
    I’m not much into legal jargon but that’s the gist of what I got out of it. You might want to check into it and advise others a little differently if you agree with CNBC and others who are reporting on the breach and think it’s better not to use Track ID. With that being said after showing those reports to my husband he’s going to the bank tomorrow to look at options to safeguard our various accounts from identity theft.
    Thanks again, I’ve never missed one of your articles yet and never will. In fact I’ve read several of them more than once. I love both your humor and extensive knowledge. You’re the best 🙂

    • Hi Penny. Equifax has rescinded the language that you give up rights over the breach. Please read the second article I wrote too. I simply froze my credit which means I have to unfreeze it when I need to purchase a new car or otherwise obtain credit. It’s a pain, but safer.

  24. Hi Roberta, I appreciate your quick reply. It’s good to know the wording has been changed so that we won’t give up our rights over the breach. My husband is going to the bank this morning to setup protection on our accounts. It wouldn’t surprise me if freezing our credit is what he winds up doing. I’m going to re-read your second article again. Sorry to have bothered you, I obviously didn’t read it carefully enough the first time. You’re not only a DNA and genealogy angel, but a financial angel as well. Thanks again.

    • The second article has a screen shot of what Equifax says about the giving up rights part. I didn’t think you saw that part:). Unfortunately this mess seems to be changing daily. It will be interesting to see what the bank says.

  25. I think I read the article in kind of a panic and I did miss the screenshot. I saw it this time ” loud and clear” if you can say that about seeing something 🙂

    • Hi Roberta,
      This is kind of a late response, but our bank had my husband sign up for their identity protection plan. The plan is called “Fraud-Defender” and it’s only $2.95 per month. I was going to go into the bank with my husband but the irony of it is a few hours after adding my comment here I broke my foot and while my husband was in taking care of the bank I was in surgery getting hardware put in my foot.

  26. Roberta, where can I find the ‘form’ you mentioned to request your free credit report from Equifax please? The other two companies worked fine on the free credit report website, but Equifax doesn’t do diddly–figures! Thx cuz!

  27. Thank you, Roberta, for the extremely nice summary of this situation. I used the links you provided. There’s been an update dated today, just fyi. Again, thanks for the info. Jo Ann Rowley-Minhoto

  28. I followed your advice and logged onto the site to find out if Equifax acknowledged my information had been compromised. When I did, I got a warning from my Firefox browser that a threat was detected and that the site was infected with a malware. You might want to run a scan of your system to ensure your system is virus free.

  29. Thank you for the information. It got my wife and I to do something pronto about protecting our credit information. The breach seems to have caught everyone’s attention as all three services were overloaded and suggested to try later. I don’t know if anyone else got fooled, but I signed up for a “credit lock” instead of a “security freeze” at TransUnion. At the time it said it couldn’t process my credit card but I noticed this morning that I was dinged for $19.95 on my card. I think this is an open-ended monthly subscription that I need to drop. Ugh!

Leave a Reply to Anniedear Woeltz ChappellCancel reply