Equifax complaints keep growing

Equifax struggled over the weekend with its response to its massive data breach as consumers continued to criticize the credit-reporting company's efforts and cited ongoing problems with a website set up to help them.

Regulators, meanwhile, are urging consumers to freeze their credit reports, a move some lenders fear could ding credit growth even as the finance industry struggles with the question of how to contain the potential for widespread fraud that could affect millions of Americans.

Despite Equifax's statement Friday evening that it had cleaned up many of the problems on its website, consumers said they were still receiving erroneous and confusing responses. Some said they made up fake last names and social security numbers and received responses from the site that suggest it didn't recognize they were fictitious identities.

The issues add to consumer ire over the data breach, which has exposed vital personal identification data -- including social security numbers, names, addresses and dates of birth -- of potentially as many as 143 million Americans. The hack is second in size to only one that was disclosed by Yahoo last year but potentially the most dangerous to date given the vital gatekeeper role firms such as Equifax play in terms of consumer credit and people's personal information.

Kris Rockwell of Atlanta, Georgia on Sunday morning said she went to Equifax's website and entered random letters from the alphabet in the name field and all zeros in the social security number field. The response was that she "probably ha[d] been hacked," she said in an email. "Are they kidding us?"

Some consumers trying to visit the site also received a warning message that "attackers might be trying to steal [their] information from the website." That raised further concerns for already jittery consumers.

An Equifax spokesman said that the data file "likely contains a very limited number of names and numbers that do not connect to real people. But to reiterate, the key point is that every person potentially impacted is in the file."

Some consumers will be receiving letters in the mail from Equifax informing them that they have likely been impacted by the breach.

Meanwhile, authorities were urging consumers to do more than sign up for the free credit-monitoring service now being offered by Equifax. The office of New York Attorney General Eric Schneiderman sent an email to state residents Saturday telling them to consider placing a freeze on their credit reports. The email said it would make it harder for someone to open a new account in their name. It added that tax identity fraud was a possible result of the Equifax hack since social security numbers were compromised. Similarly, Ohio Attorney General Mike DeWine's office issued a release on Friday recommending, among other things, that consumers contact each of the main credit-reporting firms to freeze their credit reports.

Equifax's offer of the free one-year credit monitoring service includes freezing people's credit reports at their firm but not elsewhere. Consumers would have to contact other firms on their own.

Credit freezes prevent lenders from being able to get copies of prospective customer's credit reports. That prevents swindlers from opening credit cards or other loans but also places that same limit on the legitimate customers unless they undo the freeze, says credit specialist John Ulzheimer.

For lenders, though, the prospect of millions of Americans freezing their credit raises the possibility of a crimp in lending. That could dent profits at some firms and, if the issue became widespread enough, could hamper economic growth.

At the same time, lenders have to deal with the data breach and the possibility it raises of widespread fraud. Banks and other lenders stand to incur losses on fraudulent loans and credit cards opened in consumers names with data pilfered from Equifax.

"There will be some impact on lending over time, but the more immediate challenge facing financial institutions is authentication," meaning making sure that the people who apply for loans and those using existing accounts are who they say they are, said a credit card executive at a large bank.

Credit specialists are stumped as to how the cleanup process will work here. In most cases, credit-reporting firms aren't in a position to validate whether a loan application is legitimate. That is the responsibility of the lender receiving the application, who relies on the files at credit-reporting companies to help determine whether the loan applicant is creditworthy.

Major lenders typically add information to credit reports when consumers apply for credit and if they receive loans. When fraudulent activity has been added to those reports, consumers as well as lenders need to get involved to inform the credit-reporting companies that the accounts are fraudulent.

Banks for decades have relied on credit-reporting firms as a key source of verifying consumers' identities to issue credit to them. While Equifax has said that the consumer credit reports weren't involved in the breach, the pieces of information that were stolen are enough in many cases for swindlers to open accounts in other people's names.

In some cases, if swindlers open up payday loans or loans from other nonmainstream lenders, those won't end up on the credit reports with the big three credit bureaus. That could make it more difficult to spot future fraud by effectively creating a shadow type of loan that consumers would be unaware of, even if they check their credit reports. In many cases consumers would only find out when lenders or collection firms contacted them.

Write to AnnaMaria Andriotis at annamaria.andriotis@wsj.com