Equifax has been breached.
On Thursday, Equifax, one of the big three US credit bureaus, disclosed a major data breach. It affects 143 million individuals, mostly Americans, although data belonging to citizens of other countries, for the most part Canada and the United Kingdom, were also affected (Ars Technica).
It's known the data were stolen, not just exposed: Equifax disclosed it had detected unauthorized access. So this isn't simply a case of potential compromise of data inadvertently exposed on the Web. Someone came in and took it.
Among the information lost are names, Social Security Account Numbers, dates of birth, and addresses. Large subsets of the affected individuals also lost credit card numbers, dispute documents (which you might file if you wished to correct something in your credit record), and driver's license numbers (KrebsOnSecurity). It's unclear how many of those data were encrypted.
You'd say that seems like about everything, but Equifax would differ—the company says in its statement that its core credit record databases were uncompromised. Those are records of things like late payments, bad debts, and so on. Most observers have found that cold comfort at best—the data lost are more than sufficient to commit all manner of fraud and identity theft (Help Net Security).
Equifax is also offering its identity protection and credit monitoring services free to affected individuals (more on this below). Why affected individuals would sign up for such monitoring is unclear. Many journalists and security experts have looked into the proffered service and found it dodgy, hard to use, generally insecure, and probably an opportunity to be hit up for a paid renewal when the free offer expires (Bleeping Computer).