Equifax 2017 Data Breach: 147 Million Records Exposed
One of the largest and most consequential data breaches in history, exposing Social Security numbers and financial data for nearly half the US population due to an unpatched web application vulnerability.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreData Types Exposed
Response Timeline
March 2017: Apache Struts vulnerability disclosed
May 2017: Attackers begin exploiting Equifax systems
July 29 2017: Equifax discovers breach
September 7 2017: Public disclosure
Detailed Analysis
The Equifax breach exploited a known Apache Struts vulnerability that had a patch available for months before attackers gained access. Equifax failed to apply the patch despite internal scanning that should have identified the vulnerable system. Attackers had access to systems for 76 days before detection. The breach exposed the most sensitive financial identity data including Social Security numbers, making it one of the most damaging breaches for affected individuals. Congressional investigations revealed systemic security failures at Equifax including an expired SSL certificate that prevented a security tool from detecting the intrusion for months.
The breach at Equifax exposed 147 million records through exploitation of unpatched apache struts vulnerability (cve-2017-5638). Approximately 147 million Americans — nearly half the US population at the time The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.
Current status: Settled for $700 million with FTC in 2019; affected individuals eligible for up to $20,000 in compensation. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a DSAR with Equifax can help you understand what data was exposed and request its deletion.
What To Do If Affected
- Change your password immediately on this service and any accounts using the same password
- Enable two-factor authentication on all critical accounts
- Monitor your credit reports for unauthorized activity
- Consider placing a credit freeze with major bureaus
- File a complaint with your local data protection authority
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
How many records were affected in the Equifax breach?
The Equifax data breach affected 147 million records. Data types exposed include: Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers.
What should I do if I was affected by the Equifax breach?
If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to Equifax requesting deletion of your data.
Is there compensation for Equifax breach victims?
Settled for $700 million with FTC in 2019; affected individuals eligible for up to $20,000 in compensation Check if a class action settlement exists and whether you are eligible to file a claim.