I don't think the "Am I impacted" button on Equifax's website will do anything. I don't trust them.
I think people should just assume that they HAVE been impacted.
So, now what?
Now you have to hope you aren't one of the people who folks decide to attack. There's a very good chance you will not be.
However, on the premise of "Hope for the best, prepare for the worst," here are the steps I recommend everyone take.
1) Get a copy of your credit report from annualcreditreport.com. This is going to take you a little while because every other American is doing it too, so the websites are crashing, but persevere!
When they give you the option to chose which of the three credit company's reports to download, just pick one. It doesn't matter which one.
1a) Look to see if anything looks fishy.
1b) Put it in your calendar to do this again in 90 days, with a different credit company's report. (You get one free from each credit reporting company per year.
2) Freeze your credit. If you're over 65, it will be free. (Thanks, California!) The rest of us have to pay $10 per credit bureau, though Equifax, in their generosity, is waiving their fee.
You can freeze it online, but the websites have all been crashing, so I'd just call them. You'll have to call all three credit bureaus.
Here are the numbers for freezing your credit.
They give you a really long PIN to identify you for when you want to unfreeze it the next time you ask for credit. This will cost you $10 for each credit bureau ($5 if you're over 65) , so $30 total for each "unfreeze".
Here is a link from the California Office of the Attorney General about credit freezes versus other alerts.
You're done with that part, except for checking your credit report in 90 days (and then 90 days after THAT, too.)
3) Set up 2-factor authentication (which means, for instance, that they'll text you a code when you log in from a computer they don't recognize.
4) Ask your brokerage accounts what you can do to protect yourself from fraud with them. Each one has a different technique.
5) Make sure your passwords are robust.
I use Keepass because I'm a creature of habit and it's free, but there are lots of password keepers, (link goes to a 2017 list of "best password managers" from lifehacker.com) and they generate passwords for you that are nigh unbreakable.
I am more worried about brokerage accounts and fraudulent tax returns than credit cards.
Online brokerage accounts can be protected with a great password. Hopefully any phoned-in fraud is met with a competent human gatekeeper on the other end of the line.
The only protection from tax return fraud that I'm aware of BEFORE any known identity theft is to file your taxes as soon as humanly possible to get the jump on any thieves.
(Once you're a victim, THEN the IRS will give you a special PIN and whatnot, but not before, so far as I know.)
Personally, I have also started a creditkarma.com account. I realize that creditors are who are paying for it, because it's free to me, (in other words, they aren't on my side) but I like being able to look at my score whenever I want, to see if it's dropped overnight or anything, which would be very fishy. creditkarma is more for my own peace of mind, though. By the time you see your score drop, your identity theft is already underway!