After conversations w my office, @Equifax has clarified its policy re: arbitration. We are continuing to closely review. pic.twitter.com/WcPZ9OqMcL — Eric Schneiderman (@AGSchneiderman) September 8, 2017

Equifax:

In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,

Of course, considering the extent of what has leaked and the number of people affected, a hyperbolic reaction to anything surrounding this incident is understandable. A group claiming to be the hackers behind the theft has threatened to release it unless paid a ransom, but there's no confirmation yet that they actually have anything. As far as how it happened, one analyst told the New York Post that Equifax attributed the hack to the exploitation of a flaw in the Apache STRUTS system. Still, there are a few steps that people can and should take, now that we know someone has stolen more than enough information to perpetrate identity theft on a massive scale.

Now that the language has been clarified, it appears legally clear to use Equifax's website to check things out. Among Engadget staff, a few of us received notices that we aren't among those impacted, but most weren't so lucky. Still, there are questions about how secure the site itself is, since it requests the last six digits of each person' social security number (and guessing first three isn't as hard as you might think). Also, it doesn't appear to work particularly well, responding to test and "gibberish" input with a claim that it's part of the breach also.

The best information on how to respond is available from the FTC. The government agency lays out solid next steps, like checking your credit report for any suspicious entries, as well as placing a freeze (there's more advice on that here) and/or fraud alert on your account with the major credit bureaus. This will make it harder for a thief to create a fake account for you and should force creditors to verify your identity. Finally, it's important to file your taxes early, before a scammer potentially can.