To protect yourself in the wake of the Equifax data breach, presume the worst.
"The first assumption a consumer should make is that they are affected," said Neal Creighton, chief executive of security firm CounterTack.
Equifax announced late Thursday that it had suffered a breach potentially affecting 143 million U.S. consumers.
(For perspective, the entire U.S. population in July 2016 was roughly 323 million, according to Census Bureau data. That includes more than 249 million people over age 18 — i.e., those most likely to have a credit file.)
"That's significantly over half of the U.S. adult population that probably had their information taken," said Ryan O'Leary, vice president of the Threat Research Center at WhiteHat Security.
Exposed data includes names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers, Equifax said in its announcement. The breach also compromised credit card numbers for 209,000 consumers, and dispute documents with personal identifying information for 182,000 consumers.
In a statement, Mike Litt, consumer advocate at the U.S. PIRG Education Fund, called the breach "beyond troubling."
"The types of stolen information, including Social Security numbers and dates of birth, can be used to commit new account identity theft against all of these people," Litt said. "Additionally, stolen credit cards affecting over 200,000 people in this breach can also be used to commit existing account identity theft."
Consumers can check Equifax's site EquifaxSecurity2017.com to see if they have been affected. (Be warned: Experts say the system is confusing, and there are reasons to be cautious about signing up for credit monitoring there.) The company has also said it will send direct mail notices to consumers whose credit card numbers or dispute information were compromised.
But there are other steps to take, quickly. (See infographic below.)