Got an Equifax letter saying you were hacked? The helpline’s struggling
Almost 700,000 British victims of the Equifax hack are receiving letters offering a free fraud protection service. But you’ll need to hand over personal details to get it – and many say the helpline the letter directs you to isn’t working properly.
The credit report heavyweight is writing to UK consumers to warn them their personal details have been compromised, after it announced in September its US parent company had been the victim of a cyberattack five months earlier.
We’ve been contacted by lots of MoneySavers who are confused and alarmed by the letter, some of whom had no idea what Equifax is or why it held their data. If you’re affected, here’s what you need to know.
Get Our Free Money Tips Email!
What is Equifax and what data does it have?
Equifax is the second biggest credit reference agency in the UK, after Experian. Like other such agencies, it holds information about you which prospective lenders use to assess you when you apply for a credit card, loan, mortgage or more.
Crucially, Equifax doesn’t just hold data on customers who’ve used its credit report services – it holds data on some 44 million people in the UK. So you could have been a victim of the data breach even if you’ve never heard of Equifax before.
The data Equifax holds comes from four main sources the publicly available electoral roll, court records, previous credit searches and account data shared by banks, building societies, utility companies and other organisations. See our Credit Scores guide for more info.
What details were hacked?
Equifax has confirmed 15.2 million UK records, which were dated between 2011 and 2016, were targeted.
It says 14.5 million of these may contain names and dates of birth but do not pose any “significant risk”, and these customers won’t be contacted.
However it is contacting the remaining 693,665 consumers. The numbers affected and information taken can be broken down as follows:
- 637,430 consumers had their phone number accessed.
- 29,188 consumers had their driving licence number accessed.
- 14,961 consumers had parts of their Equifax.co.uk membership details from 2014 accessed, such as username, password, secret questions and answers and partial credit card details.
- 12,086 consumers had an email address associated with their Equifax.co.uk account in 2014 accessed.
There’s a helpline number to call – but it’s struggling
The letter tells consumers that if they have questions about what the data breach means and how Equifax can support them, they can call a freephone helpline between 8am and 8pm, seven days a week – the number’s 0800 587 1584.
Yet we’ve received numerous reports that this helpline isn’t working properly – most MoneySavers who’ve told us they’ve had problems say they simply got no ring tone. For example, David said: “I have tried to call a number of times this afternoon and it doesn’t even ring.”
We’ve tried calling it five times ourselves today and also got no ring tone, though on our latest check we did get through. Equifax insists the phone line IS working properly and says simply that it’s very busy, so you should try again. We’ve asked why users are getting no ring tone rather than some kind of message and will update this story when we hear back.
You can get free monitoring services – but must give your details
The letter offers them a number of free services to “reduce your risk” following the hack. These include:
- Equifax Protect – a credit report monitoring service to alert you to any changes on your credit report
- Equifax WebDefend – a web monitoring service to alert you if your personal details are used on the web
- Equifax Postal Service – to get a copy of your credit report by post
- Cifas Protective Registration – a fraud protection service
However to access the majority of these free services, you’ll need to sign up, either online or on the phone if you can get through.
To do so, you’ll need to give the reference number included in the letter, but will also be asked to give additional personal info – your name, address, date of birth and email address – and create security questions. Equifax says you won’t be asked for any payment details.
‘I dont want to give my personal details to their so-called protection’
We’ve been contacted by a lot of concerned users who’ve received the letters:
- Iain said: “I called the freephone number provided. No ring tone.”
- John said: “Received a letter today saying my data in the USA has been hacked! Why is my data held in a foreign county? What is our Government doing about it? I dont particularly want to give any more data out to a company which has been hacked, thats madness.”
- Gillian said: “I have received a letter today from Equifax informing me that my name, date of birth and telephone number have been accessed. I was unaware that Equifax had any information about me.”
- Patricia said: “Received my letter today, dont know what to do. I dont want to give my personal details to their so-called protection for the next twelve months – anybody else feel like this?”
Do I have to sign up to the Equifax services?
No, it’s entirely up to you if you want to. Equifax says that doing so may help “reduce your risk”, and you won’t be charged for the services. But there’s no guarantee that the services will stop your data being fraudulently used and you will have to provide further personal details, so you need to weigh up what to do.
Equifax says it will not be taking any payment details, and if you ask for the services to last longer than 12 months, it will sign you up for a further 12 months free of charge.
What can I do to protect myself?
If your data has been accessed, then here’s what you can do:
- If your password or security answers were taken, change them ASAP. Only a small proportion of the UK consumers affected had passwords and other login data taken, and that was from 2014. But if you’ve used the same password or security questions and answers anywhere else, make sure you change them. See our Password Security guide for more help.
- Be vigilant – watch out for possible fraud. The Information Commissioner’s Office has warned consumers to watch out for unsolicited emails, texts or calls, even if it appears to be from a company you’re familiar with. There’s a risk that fraudsters could use data which was taken to make ‘phishing’ messages – which attempt to obtain sensitive info such as credit card details – more credible. See our Stop Scams guide for more help.
- Weigh up whether to use Equifax’s free services. It says this may help reduce your risk, but you’ll need to decide if it’s worth it. You could alternatively look at similar services from other providers, though when it comes to things like web monitoring you may have to pay.
Why did Equifax have my details when I haven’t signed up?
We’ve heard from numerous people who were alarmed to receive a letter, as they hadn’t signed up to use Equifax’s services.
An Equifax spokesperson said: “Equifax uses information supplied by credit card companies, banks, retailers, and mortgage lenders who have extended people credit in the past to create the credit scores that allow consumers to take out a mobile phone contract, mortgage or buy a car.”
Is Equifax being investigated over the hack?
The Financial Conduct Authority (FCA) has confirmed it is investigating, and working with the Information Commisioner’s Office following the hack.
Andrew Bailey, chief executive of the FCA, recently wrote to Nicky Morgan MP, chair of the Treasury Select Commitee, to say the regulator is taking the matter “extremely seriously”.
Will Equifax pay out compensation for the hack?
A spokesman said the company won’t be paying any cash compensation. The FCA, which is investigating the hack, could order Equifax to pay redress, but there’s no indication of that as yet. We’ll continue to follow this story and give an update as soon as we know anything new.