Five Years After The Equifax Data Breach, How Safe Is Your Data? Bankrate Caret RightMain Menu Mortgage Mortgages Financing a home purchase Refinancing your existing loan Finding the right lender Additional Resources Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Bank Banking Compare Accounts Use calculators Get advice Bank reviews Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Credit Card Credit cards Compare by category Compare by credit needed Compare by issuer Get advice Looking for the perfect credit card? Narrow your search with CardMatch Caret RightMain Menu Loan Loans Personal Loans Student Loans Auto Loans Loan calculators Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Invest Investing Best of Brokerages and robo-advisors Learn the basics Additional resources Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Home Equity Home equity Get the best rates Lender reviews Use calculators Knowledge base Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Loan Home Improvement Real estate Selling a home Buying a home Finding the right agent Additional resources Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Insurance Insurance Car insurance Homeowners insurance Other insurance Company reviews Elevate your Bankrate experience Get insider access to our best financial tools and content Caret RightMain Menu Retirement Retirement Retirement plans & accounts Learn the basics Retirement calculators Additional resources Elevate your Bankrate experience Get insider access to our best financial tools and content Advertiser Disclosure

Advertiser Disclosure

We are an independent, advertising-supported comparison service. Our goal is to help you make smarter financial decisions by providing you with interactive tools and financial calculators, publishing original and objective content, by enabling you to conduct research and compare information for free - so that you can make financial decisions with confidence.
Bankrate has partnerships with issuers including, but not limited to, American Express, Bank of America, Capital One, Chase, Citi and Discover. SHARE:

On This Page

Elijah Nouvelage/Bloomberg/Getty Images September 12, 2022 John Egan is a freelance writer and content marketing strategist in Austin, Texas. He is a contributor for Bankrate and specializes in content focusing on personal finance, real estate and health and wellness. Among the outlets where John’s work has appeared are CreditCards.com, Forbes Advisor, Experian and U.S. News & World Report. He is the former editor-in-chief of the Austin Business Journal. Cathleen's stories on design, travel and business have appeared in dozens of publications including the Washington Post, Town & Country, Wall Street Journal, Marie Claire, Fodor’s Travel, Departures and The Writer. Bankrate logo

The Bankrate promise

At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict editorial integrity, this post may contain references to products from our partners. Here's an explanation for how we make money. The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer. Bankrate logo

The Bankrate promise

At Bankrate, we have a mission to demystify the credit cards industry — regardless or where you are in your journey — and make it one you can navigate with confidence. Our team is full of a diverse range of experts from credit card pros to data analysts and, most importantly, people who shop for credit cards just like you. With this combination of expertise and perspectives, we keep close tabs on the credit card industry year-round to: Meet you wherever you are in your credit card journey to guide your information search and help you understand your options. Consistently provide up-to-date, reliable market information so you're well-equipped to make confident decisions. Reduce industry jargon so you get the clearest form of information possible, so you can make the right decision for you. At Bankrate, we focus on the points consumers care about most: rewards, welcome offers and bonuses, APR, and overall customer experience. Any issuers discussed on our site are vetted based on the value they provide to consumers at each of these levels. At each step of the way, we fact-check ourselves to prioritize accuracy so we can continue to be here for your every next. Bankrate logo

Editorial integrity

Bankrate follows a strict , so you can trust that we’re putting your interests first. Our award-winning editors and reporters create honest and accurate content to help you make the right financial decisions.

Key Principles

We value your trust. Our mission is to provide readers with accurate and unbiased information, and we have editorial standards in place to ensure that happens. Our editors and reporters thoroughly fact-check editorial content to ensure the information you’re reading is accurate. We maintain a firewall between our advertisers and our editorial team. Our editorial team does not receive direct compensation from our advertisers.

Editorial Independence

Bankrate’s editorial team writes on behalf of YOU – the reader. Our goal is to give you the best advice to help you make smart personal finance decisions. We follow strict guidelines to ensure that our editorial content is not influenced by advertisers. Our editorial team receives no direct compensation from advertisers, and our content is thoroughly fact-checked to ensure accuracy. So, whether you’re reading an article or a review, you can trust that you’re getting credible and dependable information. Bankrate logo

How we make money

You have money questions. Bankrate has answers. Our experts have been helping you master your money for over four decades. We continually strive to provide consumers with the expert advice and tools needed to succeed throughout life’s financial journey. Bankrate follows a strict , so you can trust that our content is honest and accurate. Our award-winning editors and reporters create honest and accurate content to help you make the right financial decisions. The content created by our editorial staff is objective, factual, and not influenced by our advertisers. We’re transparent about how we are able to bring quality content, competitive rates, and useful tools to you by explaining how we make money. Bankrate.com is an independent, advertising-supported publisher and comparison service. We are compensated in exchange for placement of sponsored products and, services, or by you clicking on certain links posted on our site. Therefore, this compensation may impact how, where and in what order products appear within listing categories. Other factors, such as our own proprietary website rules and whether a product is offered in your area or at your self-selected credit score range can also impact how and where products appear on this site. While we strive to provide a wide range offers, Bankrate does not include information about every financial or credit product or service. Five years ago, a massive data breach occurred. On Sept. 7, 2017, the Equifax credit bureau publicly revealed its computer networks had suffered a data leak that exposed the personal information of 143 million consumers, a number . That data included consumers’ names, addresses, dates of birth, Social Security numbers and credit card numbers — all of which could lead to identity fraud and other financial crimes. The data breach, announced six weeks after it was discovered, rattled the financial services industry, the cybersecurity sector and, most notably, the millions of consumers who were affected. The Equifax data breach had a powerful impact: Victims of the breach will benefit from a $425 million settlement that’s nearing its end. Federal lawmakers have made minor changes related to data privacy. Equifax has spent $1.6 billion to shore up its cybersecurity defenses. Five years after Equifax disclosed the breach, we posed the question to financial experts: Is personal data collected by the three major credit bureaus any safer than it was in 2017?

How safe is your personal data now

There’s no such thing as “bulletproof cybersecurity,” says James Lee, chief operating officer of the nonprofit Identity Theft Resource Center. Even the most secure, most advanced cybersecurity measures can and do fail. “That said, there is nothing inherently insecure or risky about the data protection practices of the three major credit bureaus,” says Lee. “Sometimes they have learned the hard way, but they have all made significant investments in cybersecurity and data protection, and are well positioned to safeguard the information they collect and maintain.” If you want to protect your data, can you simply not allow any of the credit bureaus to obtain and store your personal information? Technically, you can. But Lee notes that if you participate in the “modern digital economy,” your data almost certainly has been gathered by at least one of the (Equifax, Experian and TransUnion). Without this data, which the credit bureaus include in consumers’ credit reports, it can be difficult to get a credit card, open a bank account, obtain a loan, get a job that requires a background check or take advantage of any other credit-related parts of the economy. Lee says Equifax, in particular, now runs one of the best cybersecurity operations, not just among the credit bureaus but among all businesses. “But they had to get there by going through that very painful period,” he says. That breach cost Equifax a bundle. Consumers who filed a claim within the first claims period (before Jan. 22, 2020) were eligible for four years of credit monitoring services provided by Equifax, Experian and TransUnion, with up to $1 million in identity theft insurance. After the four-year period, consumers who successfully filed a claim could enroll in six more years of credit monitoring services from Equifax. Info Equifax settlement timeline July 2019: FTC announces Equifax had agreed to pay at least $575 million, potentially up to $700 million () January 2020: Settlement receives final approval from the court (FTC) Amount of actual settlement: $425 million () January 2022: Settlement finalized () February 2022: Settlement administrator sends activation codes to eligible consumers who opted for free credit monitoring services. (Equifax Breach Settlement) Fall 2022: Settlement administrator starts issuing benefits to consumers for eligible out-of-pocket costs related to the breach or identity theft arising from the breach, as well as time spent (up to 20 hours) recovering from the data breach. Anyone who lost money due to identity theft may receive as much as $20,000. (Equifax Breach Settlement) An Equifax spokesperson says the post-breach overhaul of the company’s data security program included investing $1.6 billion to improve security and technology and hiring more than 600 cybersecurity professionals. Equifax has built “one of the most advanced, effective and transparent cybersecurity programs in business today,” according to the spokesperson. Lee stresses, though, that it’s difficult for companies like Equifax to constantly outfox cybercriminals. “Whenever the security pros are more successful locking things down, the bad guys find another way around it,” he says.

Data security in 2022

Although five years have passed since the Equifax breach, more than 1,800 U.S. data breaches were reported in 2021, compared with a little over 1,500 in 2017, according to the Identity Theft Resource Center. Those numbers demonstrate a cold reality: Data breaches haven’t evaporated since the Equifax breach. Data breaches in the U.S. Year Number of breaches Number of people affected* *Number may include people outside the U.S.
Source: 2017 1,506 1.825 billion 2018 1,175 2.228 billion 2019 1,279 883.56 million 2020 1,108 310.12 million 2021 1,862 298.1 million 2022 (first half) 817 53.35 million Biggest data breaches in the U.S. Rank Affected entity Date reported Number of victims Source: 1 River City Media March 2017 1.37 billion 2 Yahoo December 2016 1 billion 3 Yahoo December 2016 1 billion 4 Yahoo September 2016 500 million 5 Veeam September 2018 445 million 6 Marriott November 2018 383 million 7 Exactis June 2018 340 million 8 Zynga September 2019 218 million 9 Deep Root Analytics June 2017 200 million 10 Dubsmash February 2019 161.55 million 11 Equifax September 2017 146.6 million 12 MyFitnessPal March 2018 143.61 million 13 Heartland Payment Systems January 2009 130 million 14 Apollo October 2018 125.93 million 15 Tetrad Computer Applications February 2020 120 million Adam Aviv, an associate professor of computer science at George Washington University, believes little has changed since the Equifax breach when it comes to protecting personal data. “More institutions are vulnerable to data breaches than we may have imagined, including firms who make their business in handling financial information, and the impact can be far-reaching,” says Aviv. You’d think stepped-up cybersecurity practices at Equifax and other businesses would translate to fewer data breaches, says Aviv, “but we don’t truly know.” In fact, according to an by the federal Consumer Financial Protection Bureau, consumers can’t reasonably avoid harm caused by the data security failures of a business. “They typically have no way of knowing whether appropriate security measures are properly implemented, irrespective of disclosures provided,” the report states. “They do not control the creation or implementation of an entity’s security measures, including an entity’s information security program. And consumers lack the practical means to reasonably avoid harms resulting from data security failures.”

More laws on the horizon

Since the Equifax breach, federal safeguards of consumers’ data remain largely the same as they did in 2017, experts say. Responding to the Equifax breach, federal lawmakers passed a measure that took effect in 2018, allowing consumers to freeze their credit reports at no cost. Previously, consumers in some states had to pay for a credit freeze, which restricts access to a consumer’s credit file. This makes it tougher for crooks to open accounts in someone else’s name. The law made several other changes related to credit freezes and fraud alerts. Beyond the 2018 law, no federal laws clamping down on the security of consumers’ data have been enacted, says Caitriona Fitzgerald, deputy director of the nonprofit Electronic Privacy Information Center. However, Fitzgerald and other consumer advocates do see a glimmer of hope on that front.

American Data Privacy and Protection Act gains traction

In July 2022, a U.S. House committee approved the American Data Privacy and Protection Act, the first time in years that such legislation has advanced so far in Congress. But with the clock ticking on the current session of Congress, supporters doubt the measure will go any farther this year. An added complication: House Speaker Nancy Pelosi, who controls the flow of bills in her chamber, has raised concerns that the proposal would preempt robust data privacy laws in her home state of California. On top of that, the U.S. Chamber of Commerce and other business groups in the measure called a “privacy right of action.” This provision would enable individuals to file suit over data privacy violations, rather than just federal regulators and state attorneys general. The Chamber of Commerce and other pro-business organizations say a federal-level privacy right of action would encourage a flood of abusive class-action lawsuits. Despite opposition from some in the business community, more than 80 percent of Americans support the American Data Privacy and Protection Act, according to a June 2022 by Morning Consult and Politico. Aside from creating a privacy right of action tied to consumers’ data, the act would: Prohibit the sale of individuals’ data to third parties without their explicit consent. Enhance privacy protections for children under 17. Require companies to dial back the amount of data they collect about individuals. “Unfortunately, in the last five years, companies have increased the amount of data they’re collecting about us and not deleting it when it’s no longer needed,” Fitzgerald says. “We always like to say that data that is never collected can’t be breached.”

How to protect yourself from a data breach

There are safeguards you can put in place for future data breaches. Be aware, though, that you may have already had your data breached and not even known it. Although the Equifax breach and many other data leaks have made headlines for years, many American consumers appear to be in the dark about breaches that have affected them. Shown facts from as many as three breaches that involved their personal data, 413 people were aware of only 74 percent of the breaches, according to a released in 2021 by the University of Michigan, George Washington University and the Karlsruhe Institute of Technology. While consumer advocates and technology experts put the burden of preventing data breaches on the collectors of data, rather than consumers, you can take the following steps to guard your personal information: Know who’s collecting your data and what they’re doing with it. Aside from being aware of that, Morgan & Morgan attorney John Yanchunis, who filed one of the class-action cases against Equifax on behalf of consumers, advises consumers to inform themselves about security measures that companies have in place to protect their data, including how . Create a unique, hard-to-guess login and password for every online account. Logins and passwords are “the keys to the kingdom today, because most people use the same login and password on every single account they have, both at home and often at work,” Lee says. “So if that is compromised, everything they have can be compromised.” Don’t share logins and passwords with anyone you don’t fully trust. Lee says people often slip up in this regard by providing credentials for their social media accounts to a supposed friend who actually turns out to be an identity thief. Freeze your credit reports. When someone activates a credit freeze, they severely restrict access to information in the report. This can prevent a scammer who’s stolen your personal data from using that information to apply for a credit card, loan or other financial product in your name. It’s free and easy to request and . on your credit file. Fraud alerts, which are free, notify creditors to take extra steps to verify your identity before approving a credit application. Use two-factor authentication. Two-factor authentication requires at least two ways of verifying your identity before you can sign into an online account. Take special measures to .

The bottom line

Since the September 2017 announcement of the Equifax data breach, the credit bureau has spent $1.6 billion to fortify its cybersecurity defenses. Five years later, consumer data kept by Equifax and the two other major credit bureaus, Experian and TransUnion, remains vulnerable to breaches, though. As Lee puts it, bulletproof cybersecurity does not exist. While the power to prevent data breaches largely rests with companies that gather and store our data, taking the steps above can help you safeguard your own information — and, hopefully, avoid becoming the victim of a data breach yourself. SHARE: John Egan is a freelance writer and content marketing strategist in Austin, Texas. He is a contributor for Bankrate and specializes in content focusing on personal finance, real estate and health and wellness. Among the outlets where John’s work has appeared are CreditCards.com, Forbes Advisor, Experian and U.S. News & World Report. He is the former editor-in-chief of the Austin Business Journal. Cathleen's stories on design, travel and business have appeared in dozens of publications including the Washington Post, Town & Country, Wall Street Journal, Marie Claire, Fodor’s Travel, Departures and The Writer.

Related Articles