MA AG Healey Launches Investigation into Equifax Data Breach

Boston, Sept. 8, 2017, — Following reports of a major data breach at credit reporting agency Equifax Inc. compromising the personal information of hundreds of millions of consumers nationwide and nearly three million in Massachusetts, Attorney General Maura Healey today launched an investigation into the breach and urged consumers to take immediate steps to protect their information against identity theft.

The AG’s Office has contacted Equifax to review the circumstances of the breach and the steps the company is taking to address it, and will determine whether the company had proper safeguards in place to protect consumer information.

“This data breach has the potential to be the worst we’ve ever seen—with nearly three million Massachusetts residents at risk,” said AG Healey. “We have launched an investigation into this breach and have contacted Equifax to gather more information. As we work with law enforcement across the country to assess the extent of the breach, we urge everyone to take immediate steps to determine if they are affected and protect their personal information.”

According to Equifax, the data breach potentially affects approximately 143 million consumers nationwide, with stolen information primarily including names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers. Equifax has notified the AG’s Office that nearly three million Massachusetts consumers were affected.

Equifax has established a phone number – 866-447-7559 – for consumers to check if they have been affected by the breach or who have additional questions.

Although Equifax has indicated that it plans to offer credit monitoring and fraud protection services, the AG’s Office has received reports that consumers are not able to sign up for these services at this time. Consumers should carefully review the terms of such services, as they may require consumers to waive important legal rights to sue for damages or join class action law suits as a condition of enrolling.

While free credit monitoring does offer some protection to consumers, it is not the only option. If consumers do not want to wait to sign up for the credit monitoring services offered by Equifax, or if they want to retain all of their legal rights, AG Healey offers consumers the following information on how to protect themselves against potential identity theft from this breach:

  1. Consider placing a credit freeze on your files. Unlike credit monitoring (which alerts you after potential identity theft has already occurred), a credit freeze makes it harder for someone to open a new account in your name. It is among the strongest precautions you can take. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts. It also requires you to “lift” the freeze if you want businesses, cell phone providers, lenders, or employers to be able to review your credit. There may be a maximum $5 charge with each credit bureau for placing, lifting, or removing a freeze (up to $15 per bureau). The FTC offers more information about credit freezes here.
  2. Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting Accounts or activity that you don’t recognize could indicate identity theft. Visit to find out what to do.
  3. Continue to check your credit reports at You can order a free report from each of the three credit reporting agencies once a year.
  4. Try to file your taxes early—before a scammer can. Tax Identity Theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS. Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt – even if they have part or all of your Social Security number, or they say they’re from the IRS.

If you believe you are the victim of identity theft, you will need to take additional steps to protect your credit and your personal information. For more information on how to protect yourself, please see the FTC’s step-by-step guide at