Above is a great article that explains in detail what happened.

But if you don't have time to read it all, find the major points and how to stay safe below:

Quick background.
1. By the 1960s Equifax was one of the largest credit bureaus in the US, having accumulated the personal info of millions of Americans and Canadians. (Verified: https://en.wikipedia.org/wiki/Equifax.) Originally, insurance companies used Equifax to obtain information on potential clients. Now many businesses and employers rely on this personal info to determine credit risk, employability, etc.

2. Equifax didn't ask to start doing this; they just did it. They collected your information from various public records and consolidated it into their databases. We, as consumers and US citizens, were never able to decide whether or not Equifax had sufficient security to protect our personal data.

How the hack happened.
1. Short story: Equifax failed to update one of its computers storing our personal data. This patch (update) would've closed a hole (vulnerability) that bad guys use to break into the computer. Even worse, this computer wasn't encrypted - encryption is a basic step that turns data into nonsense unless you have the key to decrypt the information. So when the bad guys (whoever they were) found this vulnerable computer, they had a way in and could see all of our unprotected data. Now they may sell your data to fraudsters. No details yet on how they got in in the first place.

2. "Why didn't Equifax update their computers?" Keeping the software of thousands of computers up to date is a challenge - but prioritizing updates so that the computers holding the most sensitive data receive them first should protect that data. Despite the challenge, there is no acceptable excuse for a company as big as Equifax, especially with our unquestionably sensitive personal data at risk, to not have better security.

How you can protect your information and why it'll help.

1. Freeze your credit information. This prevents any of the 3 credit reporting companies from giving out your personal info to anyone before you lift the freeze. When you do this, you'll be asked to create a PIN or a password (make sure it's different and safeguard it with a password manager). You'll need to do it for all 3: Equifax, Experian, and TransUnion (Experian should do it for free). Granted, if your personal info was stolen, your info is already out there - but this step would prevent someone trying to use your info for something that requires a credit check.

2. Lock down your financial accounts. Criminals may try to buy your hacked info online to hack into your bank/credit card account. Anyone who manages your money should have two-factor authentication as an option. This is an extra step to prove you're you, it's easy to turn on, and it's really hard to hack. Check https://www.turnon2fa.com/tutorials/ (verified) to find your bank and learn how to turn on this critical security feature.

3. Consider fraud/credit monitoring. This will alert you to someone trying to access your credit info. Check with your bank/credit cards first - they may offer it for free. Others may charge you for this service. We recommend you aim for a free option, but do not rely solely on Equifax's offer of free monitoring (their track record of protecting your data is obviously poor) - consider Experian, LifeLock or free options like CreditKarma.

4. Consider identity monitoring. Companies like LifeLock are a one-stop shop for credit and identity monitoring. Not only do they pay attention to your credit score/info, they also keep a lookout for your personal info being used online by criminals. It costs a little but it's comprehensive and casts a wider net to alert you to any fraudulent activity.

Soon you'll be able to check out www.enabldsecurity.com to find the right tool for your needs. Stay tuned...
