How to Protect Consumers 1 Year After Equifax Breach

Media Releases

Media Contacts
Emily Scarr

State Director, Maryland PIRG; Director, Stop Toxic PFAS Campaign, PIRG

Maryland PIRG Foundation

“Ultimately, we are not the customers of Equifax or the other credit bureaus. We are their product. We did not ask or give them permission to collect or sell our personal information,” said Maryland PIRG Director Emily Scarr. “At the very least, breached companies should be required to provide consumers clear information about what can be done to protect themselves against most types of identity theft.”

A year ago, Equifax announced that hackers had breached its system and accessed the data of nearly 150 million U.S. consumers. The breach put approximately 3 million Marylanders at increased risk of identity theft. To mark the anniversary of that notorious announcement, Maryland PIRG Foundation is releasing a report containing suggestions on how state authorities and consumers can safeguard personal information.

“One year after announcing the worst data breach in history weeks after it knew about it, Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Mike Litt, Maryland PIRG’s consumer campaign director. “This may not have been the biggest breach ever, but it’s the worst, because Equifax’s carelessness made it easier for bad guys to steal the identities of nearly 150 million consumers.”

The report, Equifax Breach: 1 Year Later – How to Protect Yourself Against ID Theft & Hold Equifax Accountable, includes the following features:

  • A recap of the main governmental and civil actions against Equifax over the last year (which have so far failed to hold the company accountable).
  • New materials, including charts and checklists, to help consumers understand how to best protect themselves against the very real threats of identity theft for the rest of their lives.

  • A case for why we need both oversight and financial consequences to prevent future large-scale breaches.

The report also recommends requiring companies that have been hacked to clearly explain to consumers how they can protect themselves against most types of identity theft.

The report contains charts,checklists and other tips to to help consumers prevent and detect the types of identity theft and fraud made possible by the Equifax breach:

  • Existing Account Fraud: Check your monthly credit card and bank statements.

  • New Account Fraud (including cell phone, credit card, loan, and utilities): Get credit freezes at all three nationwide credit bureaus — Equifax, Experian, and TransUnion. A new federal law will eliminate fees for those credit freezes for consumers on September 21st, 2018.

  • Tax Refund Fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.

  • Health Care Services / Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.

  • Other Fraudulent Activity: Check your free annual consumer reports with companies that specialize in collecting information often misused by criminals.

  • Phishing Scams: Ignore unsolicited requests for personal information by email, links, phone calls, pop-up windows, or text messages.

The report also highlights the need for both penalties against and new oversight of Equifax to compensate the victims and prevent future breaches of this scale.


Maryland PIRG Foundation is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety, or well-being.