(Update: Since publication of this story, Equifax has updated the language on its website (www.equifaxsecurity2017.com) to make it clear that no consumer will be required to waive his or her legal right to a class action lawsuit as a condition for enrolling in the company's free credit monitoring and identify theft protection products.)
Don't be so quick to sign up for free credit monitoring from Equifax.
The company announced late Thursday that it had suffered a breach potentially affecting 143 million U.S. consumers.
"The first assumption a consumer should make is that they are affected," said Neal Creighton, chief executive of security firm CounterTack.
Exposed data includes names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers, Equifax said in its announcement. The breach also compromised credit card numbers for 209,000 consumers, and dispute documents with personal identifying information for 182,000 consumers.
"That's everything an identity thief would need," said Ryan O'Leary, vice president of the Threat Research Center at WhiteHat Security.
Consumers can check Equifax's site EquifaxSecurity2017.com to see if they have been affected. (Be warned: Consumer advocates say the system is confusing). The company has also said it will send direct mail notices to consumers whose credit card numbers or dispute information were compromised.