NEW YORK (AP) - There's no way around it: The news from credit reporting company Equifax that 143 million Americans had their information exposed is extremely serious.
Crucial pieces of personal data criminals could use to commit identity theft - Social Security numbers, birthdates, address histories, legal names - were all obtained. That's information that cannot change. And once that data is out there, it's basically out there forever.
"The crown jewels of personal information were exposed and potentially stolen," said John Ulzheimer, an independent credit consultant who previously worked at Equifax.
Equifax's key role in the financial industry makes this breach more alarming than previous ones at Yahoo or retailers. It's a storehouse of personal information, like how much people owe on their houses and whether they have court judgments against them.
Lenders rely on the information collected by three big credit bureaus - Equifax, TransUnion and Experian - to help them decide whether to approve financing for homes, cars and credit cards. Credit checks are sometimes done by employers when deciding whom to hire for a job.
Atlanta-based Equifax said Thursday that "criminals" exploited a U.S. website application to access the files between mid-May and July of this year. It discovered the hack July 29, but waited until Thursday to warn consumers.
Beyond the usual steps of checking credit reports regularly and watching for abnormal transactions on your accounts, it may be time to take more extreme measures to lock down your information.
The strongest possible option a person can take immediately is placing what's known as a credit freeze on their files with the major credit bureaus. That locks down a person's information, making it impossible to open new accounts and bank cards in their name.
However, taking that option locks you out from opening new accounts. It also can come with a fee with each of the bureaus, depending on where you live.
Consumers will need to be more careful about checking their credit reports. U.S. law gives every American the right to get those files for free once a year from the three major bureaus. While many websites market access to your credit reports, the official one is annualcreditreport.com.
It's best to spread those requests out over the year - do one every four months, experts say. And expect to check this information not just in the immediate future, but for the long term - potentially years.
Need an even more extreme step? People can request to change their Social Security number with the Social Security Administration if they have repeatedly been a victim of identity fraud under their original number.
Equifax has a website, www.equifaxsecurity2017.com/, where people can check if their information may have been stolen. For information, consumers can also call 866-447-7559. The company also said it will send mail to all who had personally identifiable information stolen.