What Was the Equifax Leak?

The Equifax leak was a 2017 cyber‑attack that exposed personal data of roughly 147 million U.S. consumers and additional records worldwide. Attackers entered through an unpatched Apache Struts vulnerability, remained undetected for weeks, and the breach was publicly disclosed in September 2017 via Equifax announced the breach in September 2017.

The compromised data included names, Social Security numbers, birth dates, addresses, and, where available, driver's license numbers. About 209 thousand credit‑card numbers and 182 thousand dispute‑resolution documents were also taken. The next section describes how the attackers stole the data, followed by a detailed look at which personal details were exposed.

Attackers breached the Equifax system by exploiting an unpatched Apache Struts vulnerability. The flaw let them run arbitrary code on the public‑facing web portal and move silently into the data warehouse where roughly 147 million U.S. records and additional global files lived.

1. Found the flaw - The attackers scanned Equifax's internet assets and located a Java‑based portal running Apache Struts that had not received the December 2017 patch for Apache Struts vulnerability CVE‑2017‑5638.
2. Injected malicious payload - By sending a crafted HTTP request they triggered the Struts exploit, which executed a remote code payload on the server.
3. Installed a web shell - The payload dropped a lightweight web shell, giving the intruders persistent, remote command‑line access to the compromised host.
4. Escalated privileges - Using the web shell they harvested service account credentials stored in plain text, then leveraged those accounts to log into internal databases and file‑transfer systems.
5. Exfiltrated data - Over weeks they copied tables containing Social Security numbers, birth dates, addresses, and driver's‑license details to external servers, masking traffic to avoid detection.

The Equifax leak gave attackers access to several core identifiers.

• Full legal name and date of birth
• Social Security number
• Residential address (current and prior)
• Driver's license number (including state of issuance)
• Credit card numbers with expiration dates and CVV (for about 209,000 consumers)
• Dispute‑resolution documents containing personal financial details

Around 147 million U.S. consumers were compromised, plus roughly 209 000 people in the United Kingdom, about 15 000 in Canada, and an additional ~3 million individuals elsewhere, bringing the global total to just over 150 million people.

These figures are drawn from the official Equifax breach settlement details, underscoring that while the United States bore the brunt, the leak's reach extended worldwide and informs the identity‑theft risk discussed next.

Equifax allowed the breach by ignoring a publicly disclosed Apache Struts vulnerability and failing to deploy the available patch, leaving a direct entry point for attackers.

The company's patch‑management process was fragmented, its security staff were understaffed, and internal audits did not flag the unpatched software, so the flaw remained exposed for months Equifax's failure to patch known vulnerability.

That oversight let the hackers slip in, harvest personal data on roughly 147 million U.S. consumers and millions more worldwide, and set the stage for the identity‑theft risks we explore next.

The Equifax breach turned your basic personal data into a ready‑made toolkit for identity thieves. Because the breach exposed Social Security numbers, birth dates, addresses, and, for many, credit‑card or driver's‑license numbers for roughly 147 million U.S. consumers and about 209 million people worldwide,

criminals now have the core identifiers needed to impersonate you online or offline, and the FTC outlines steps to protect yourself.

• New‑account fraud: thieves can open credit cards, loans, or utility services in your name.
• Tax‑return theft: SSN and DOB let fraudsters file false returns and claim refunds.
• Medical identity theft: exposed data lets impostors obtain care or prescriptions billed to you.
• Account takeover: attackers combine exposed info with passwords from other breaches to reset online accounts.
• Synthetic identity creation: criminals blend real data with fabricated details to build new credit profiles that are hard to trace back to you.

You verify exposure through the official Equifax breach portal and by reviewing your credit reports.

The Equifax portal asks for your full name, current address, date of birth and Social Security number. After you submit these identifiers, the site tells you whether your records were part of the 2017 breach.

• Visit the Equifax security notice site and select 'Check Your Credit'.
• Enter name, address, DOB and SSN exactly as they appear on your credit file.
• Review the results; the portal will flag compromised accounts and provide next‑step guidance.
• Obtain a free credit report from AnnualCreditReport.com to see all listed accounts.
• Look for unfamiliar lines, new credit inquiries, or accounts opened after the breach date (mid‑2017).

These two checks give you a clear answer: if the portal flags you, your data was leaked; if not, your Equifax records were not part of the breach.

Take these five actions right now to limit damage from the Equifax breach.

1. Verify exposure on the official portal. Visit the Equifax site and enter your personal details to see if your information appeared in the leak.
2. Freeze or flag your credit. Contact the three major bureaus and place a security freeze or fraud alert; this stops new accounts from opening without your permission.
3. Review credit reports weekly. Pull a free report from each bureau and scan for unfamiliar loans, inquiries, or address changes.
4. Update passwords and enable MFA. Change login credentials for any service that used your Social Security number, birthdate, or other exposed data, and add two‑factor authentication where possible.
5. Add identity‑theft protection. Enroll in a monitoring service that alerts you to new activity and offers restoration help, especially if you are among the roughly 147 million U.S. consumers affected.

Freeze your credit as soon as you learn your information appears in the Equifax breach, and keep it frozen until you can confirm no new unauthorized accounts have been opened. If a credit‑reporting agency sends you a fraud alert, or you notice suspicious activity while monitoring your reports, add the freeze immediately.

The leak exposed Social Security numbers, birth dates and addresses for approximately 147 million U.S. consumers, making a credit freeze the fastest way to stop thieves from turning that data into new credit lines. A freeze blocks all inbound inquiries, so criminals cannot exploit the exposed details to open loans, cards or utilities in your name.

Lift the freeze only for a verified lender, then relock it when the transaction finishes. For step‑by‑step instructions, see the FTC guide to credit freezes.

Here's a side‑by‑side price snapshot of Experian's paid tiers versus the only direct competitor we compare, The Credit People.

• Experian CreditWorks Basic  -  $19.99 / mo (or $179 / yr) - Experian CreditWorks pricing
• Experian CreditWorks Plus  -  $39.99 / mo (or $299 / yr)
• Experian CreditWorks Premium  -  $49.99 / mo (or $399 / yr)

• The Credit People Basic  -  $14.95 / mo (or $119 / yr) - The Credit People pricing
• The Credit People Plus  -  $24.95 / mo (or $199 / yr)
• The Credit People Pro  -  $34.95 / mo (or $299 / yr)

Experian's monthly fees sit above The Credit People's, but its annual discounts shrink the gap; remember that Experian's higher‑tier plans bundle identity‑theft protection and credit‑score simulators, topics we unpack in the 'is Experian membership worth it' section and the 'hidden charges' part that follows.

Businesses must overhaul governance, patch management, and data‑access controls to stop a repeat of the Equifax breach.

They should:

• adopt continuous vulnerability scanning,
• enforce strict least‑privilege access,
• require multi‑factor authentication for all privileged accounts,
• run regular third‑party security audits,
• create an incident‑response playbook tested quarterly.

These changes address the weak oversight highlighted in the 'why Equifax allowed the breach' section and embed security into daily operations, reducing the chance that another 147 million‑person exposure happens again.