Quite frankly, this is the worst data breach I've ever seen. It's not just names, addresses, and credit card numbers - it also includes Social Security Numbers and basically anything that a Bad Guy would need to open up credit in your name.
Add to this is what seems to be a bungled notification:
Equifax had weeks to prepare for its breach notification, so its decision to do so via a basic Wordpress site (oh, err) using a free shared CloudFlare SSL cert is somewhat puzzling. “For some reason Equifax used the 6 weeks to set up a new domain asking for SSN numbers, with anonymous Whois on Cloudflare,” said security consultant Kevin Beaumont.
The whole approach already seems to have gone awry, with OpenDNS flagging up the site as a potential phishing locale in an apparent false positive. The Register has received emails from concerned readers who believed it may be a phishing site.So what should you do? Remember: you aren't Equifax' customer - you're their product. Don't expect much (or anything) from them. You're kind of on your own.
Fortunately, there's something that you can do. You can freeze your credit:
A credit freeze allows you to seal your credit reports and use a personal identification number (PIN) that only you know and can use to temporarily “thaw” your credit when legitimate applications for credit and services need to be processed. The added layer of security means that thieves can’t establish new credit in your name even if they are able to obtain your personal information.
Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.If you buy a car, refinance a house, or whatever, you use your PIN to "thaw" your credit report. Different credit bureaus have different capabilities there, so click through and read the (very informative and useful) article.
I recommend this for everyone - this will make stealing your identity really, really hard.