The Equifax Breach –
Steps to Take Now and What to Watch for Next.

On September 7, 2017, Equifax announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Equifax disclosed the information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers.  In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Steps to Take Now

Check to see if your personal information has been exposed. Equifax has established a dedicated website,, to help consumers determine if their information has been potentially impacted and, if the consumer so chooses, to sign up for credit file monitoring and identity theft protection. If your personal information has been compromised, please notify your financial institutions immediately and follow the steps at the Federal Trade Commission’s website at

Review your credit report. If your information was potentially impacted, review your credit report. Remember, regardless of whether you are a victim or not, you should review your credit report for fraudulent activity at least annually. You are eligible for one free credit report each year from Equifax, Experian, and TransUnion. Requesting your report from one of the bureaus every 4 months allows you to continually monitor for fraudulent activity throughout the year. You can request your report at

Signs of fraud or identity theft to look for include:

  • Accounts on your credit reports that you didn’t open;
  • Incorrect personal information on your credit reports;
  • Credit inquiries from companies you’ve never contacted; or, 
  • Wrong amounts showing on your accounts in your credit reports.

Consider placing a credit freeze, or at least a fraud alert, with the credit bureaus. A credit freeze stops all access to your credit report until you lift or remove the freeze. Each bureau will charge a state required fee for placing, lifting, or removing the freeze. In Pennsylvania, the fee to place a freeze is currently $10.00 and in Maryland, the fee is currently $5.00. Fees will also be charged each time you temporarily lift the freeze and also when you remove the freeze. However, if your credit reports already show unauthorized activity and you are already a victim of identity theft, the fees for applying, lifting, or removing the freeze should be waived. To apply a freeze, you must contact each of the bureaus individually. The phone numbers and websites utilized to request a freeze are: 

TransUnion – 1-888-909-8872 or online at

Experian – 1-888-397-3742 or online at

Equifax – 1-800-349-9960 or online at

Innovis – 1-800-540-2505 or online at

An initial fraud alert is free; however, it must be renewed every 90 days. This renewal timeframe can be extended to 7 years if, upon reviewing your credit report, you determine you are already a victim of identity theft in which case you may request an extended fraud alert. An initial fraud or extended fraud alert tells creditors to take reasonable steps to verify the identity of the individual applying for credit. This typically means the creditor will call you utilizing the phone number you have provided to the bureau when applying your fraud alert. To place a fraud alert, contact one of the first three national credit bureaus listed below. The one you contact must notify the other two; however, you must contact the fourth bureau directly. The phone numbers and websites utilized to request a fraud alert are:

TransUnion – 1-800-680-7289 or online at – 1-888-397-3742 or online at

Equifax – 1-888-766-0008 or online at

Innovis – 1-800-540-2505 or 

For more information to help you determine whether a credit freeze is right for you, visit the Federal Trade Commission’s website created to assist Equifax breach victims which can be found by visiting

What to Watch for Next

Watch for notification letters from Equifax. Equifax stated it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.  Be wary of emails that appear to come from Equifax. Scammers are likely to take advantage of the situation and craft sophisticated phishing emails. If you are notified that any of your ACNB Bank account or card information has been compromised, please contact us immediately.  

Monitor your bank accounts. We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online, mobile, and telephone banking to keep a close eye on your accounts. Review your statements and report discrepancies immediately. 

Keep your guard up. If your information was impacted, be extremely alert to phone calls, emails, text messages, or even letters received by mail attempting to scam you or to obtain additional information that could be used for identity theft.  Because of the information compromised in the breach, scammers may be able to recite personal information about you, which may convince you they are from your bank, credit card provider, a debt collection company, or even the Internal Revenue Service. If you receive an unsolicited email or phone call asking for your personal information, remember that no legitimate business will do that. 
If you have any reason to think the contact may be legitimate, hang up, and call the business back using their publicly advertised phone number. To learn more about phishing, visit the Phishing and Social Networking section within our Security Center at

Be wary of tax-related identify theft.  Information compromised in the Equifax breach included social security numbers.  Tax-related identity theft occurs when someone uses your stolen Social Security Number to file a tax return claiming a fraudulent refund.  You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your Social Security Number. Or, the IRS may send you a letter saying they have identified a suspicious return using your Social Security Number.  File your taxes early, before an identity thief has the chance. 

If your Social Security Number is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:

  • Respond immediately to any IRS notice; call the number provided.
  • Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use the fillable form at, print, then attach the form to your return and mail according to instructions.