PSA: Equifax’s hack checker is a hot mess – CNET

screen-shot-2017-09-08-at-4-04-07-pm
Sharon Profis/CNET

From the time Equifax discovered its database was breached to the day it publicly announced the hack, six weeks passed. The company was likely preparing for one of the worst data breaches in American history, including the creation of a tool that lets anyone find out if they were affected by the hack. 

That tool, however, might need a check of its own. 

The way it works is: You enter your last name and the last six digits of your social security number. Then, Equifax gives you one of two results: 

  • Equifax will let you know that you may have been impacted.
  • Equifax will let you know you were not impacted.

Something is not quite right with the results, though, as ZDNET’s Zack Whittaker discovered. The tool provides random results, even for fictional names and social security numbers. I tested this myself with the last name “Hellomoto” and a random string of digits. Turns out that the person with the last name Hellomoto was not impacted. 

Is Equifax’s tool completely useless? The random results suggest that it can’t be fully trusted, as it doesn’t seem to be checking entries against a database. If that were the case, we would expect the tool to return an error, as most database-checking forms do. 

At this point, we suggest that any person with a credit history take action as if they were affected. That means watching out for signs of identity theft and taking further precautions, such as freezing your credit and setting fraud alerts. Here’s our complete guide to how to handle the situation.

We have reached out to Equifax for comment and have not yet heard back.