Still have questions about Equifax one year later? We have the answers

The traditional first wedding anniversary theme is “paper.” When it comes to this first anniversary, hopefully you didn’t lose any.

It’s been exactly one year since credit bureau Equifax EFX, +0.11%  announced publicly that hackers had accessed the personal information of millions of people whose credit reports are on file with the company.

Since that time, lawmakers have introduced new laws to keep consumer data safe, but a lot of confusion remains.

“A year later, more people know that credit bureaus exist,” said Mike Litt, the consumer campaign director for U.S. PIRG, a nonprofit consumer group. “Unfortunately, I think people are still unclear about all they can do to best protect themselves.”

You probably still have questions, and here are the answers to some of them:

How many people did the Equifax breach affect?

This is a tough one, because several different numbers have been reported. A spokesman for Equifax said the final number is that the breach affected 145.5 million people, in the U.S., Canada and the U.K. About two thirds of U.S. adults were affected.

How many people have actually done a credit freeze?

After the breach was revealed experts recommended that people put a freeze on their credit report, meaning that no one would be able to access the information in the report without their permission.

Without a freeze in effect, any business that’s considering lending you money can look at the details of your credit report, which includes a lot of details that would be useful to identity thieves, like your Social Security number and address history.

Both locking and freezing, in theory, stop new creditors from giving a fraudster a credit card or other account in your name. Instead of automatically approving the request, they must contact the person who placed the freeze or lock and confirm their identity.

It doesn’t seem like a lot of people took this advice. Only 12% of people said they actually “locked” a credit account, and only 8% said they “froze” a credit account, according to a new survey of about 1,000 people commissioned by the credit-card website CompareCards.com.

Locking gives similar protections as freezing, but when credit bureaus allow consumers to “lock” their accounts, they usually allow them to “unlock” them, too, by using an online platform or app.

Freezing is regulated by states, and consumers typically cannot freeze and unfreeze their accounts at their discretion; they must use a PIN number. Credit locks sometimes come with a monthly fee, whereas credit freezes cost just one fee.

Actually freezing your account is “the most proactive thing you can do,” said Adam Levin, founder of the security firm CyberScout and the author of “Swiped.” “It’s imperative that you know as quickly as possible that you have a problem, and that you have a plan,” he said.

On the upside, 65% of people surveyed said they had reviewed their online bank and credit card statements more often since the breach. And 51% said they had checked their credit score -- a small percentage, given how many people were affected.

When your identity is stolen, it can take years to sort out. An identity thief can make purchases, open new accounts and even commit crimes while using your name and personal details.

If I haven’t frozen my credit accounts yet, am I too late?

It’s not too late — you should still freeze them, Levin said. It’s possible that the fraudsters who initially had the Equifax data have re-sold it to other criminals, he said. That means there’s a risk your personal information can fall into the wrong hands at any time, so consumers should be closely monitoring their credit and taking all the preventative steps they can.

That said, it’s understandable that many consumers would be jaded, he said. Equifax isn’t the first company to suffer a data breach, so most consumers have “breach fatigue” and come to expect that their personal information is probably available on the internet.

If you want help that goes beyond freezing or locking your account, it may pay off to contact your insurance company, the financial services institution you have an account with, or even the HR department at your office, he said.

The number of companies that are offering identity theft protection to their employees is growing in the wake of the breach.

What is happening with legislation regarding the breach?

In May, as part of a rollback of the Dodd-Frank Act, Congress made credit freezes for all consumers free. President Donald Trump signed the bill into law on May 24.

Before the law was enacted, states regulated how much each bureau could charge to freeze and unfreeze an account, and it typically cost between $3 and $10.

Consumers should keep in mind that this national law only applies to information creditors have access to during credit checks. It doesn’t, however, protect employment checks or insurance checks, Litt said, which some states previously made free by law.

There is another bill, which Senator Elizabeth Warren, a Democrat from Massachusetts, sponsored and introduced in January of 2018. It is called the “Data Breach Prevention and Compensation Act of 2018,” and it would create an Office of Cybersecurity at the Federal Trade Commission for supervision of data security at credit reporting agencies, according to Warren.

It would also impose penalties on credit reporting agencies for any breaches that put sensitive consumer data at risk. But that bill has not made it past the Senate.

Get a daily roundup of the top reads in personal finance delivered to your inbox. Subscribe to MarketWatch's free Personal Finance Daily newsletter. Sign up here.