In the wake of a data breach that put the personal data belonging to millions of Americans into the hands of hackers, lawyers in Portland, Oregon have filed a class action lawsuit against the credit reporting company Equifax—but learning whether you were part of one of the largest hacks in history, and what to do next, is anything but straightforward.

Bloomberg reports that the suit, filed in federal court Thursday night, alleges that "Equifax negligently failed to maintain adequate technological safeguards to protect [the plaintiffs'] information from unauthorized access by hackers." The complaint continues, "Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach."

The suit also makes note of the fact that Equifax discovered the breach on July 29th, but didn't alert those affected until earlier this week. Within four days of the hack, however, a number of high-up Equifax executives, including Equifax Chief Financial Officer John Gamble; President for U.S. information solutions Joseph Loughran; and President of workforce solutions Rodolfo Ploder sold shares at high prices.

Whether or not customers were properly notified of the breach by Equifax is the target of an investigation by Attorney General Eric Schneiderman, who estimated Friday that as many 8 million New Yorkers may have been put at risk. He encouraged everyone to call Equifax and see if their information had been compromised, and added that his "office intends to get to the bottom of how and why this massive hack occurred."

Calling Equifax has yielded mixed results, and it remains somewhat unclear how to best tell whether you were one of the millions put at risk by the company. On Saturday, the AG urged concerned New Yorkers to check a new website set up by Equifax—www.equifaxsecurity2017.com—to see if their information had been comprised. That suggestion was widely panned on Twitter, with many users saying they were either unable to access the form or hesitant to share more personal information with the company.

There's also the matter of initial reports that the site's terms of service agreement prohibited users from participating in any class action lawsuits against Equifax. That language was updated "after conversations [with Schneiderman's] office," according to the attorney general, so that "the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

In addition to recommending the Equifax site, Schneiderman also offered other consumer recommendations, including checking your credit reports and monitoring existing bank accounts closely for unauthorized charges. He also suggested that New Yorkers might "consider placing a credit freeze on your files." (The Washington Post has a good explainer on what this entails.)

But if you do decide to trust Equifax's janky hack discovery website, you will be asked to enter the last 6 digits of your social security number, in order to enroll in TrustedID Premier, a "complimentary identity theft protection and credit file monitoring product." Despite Schneiderman's endorsement, expert opinion on whether this is a good or bad idea. (Fool me once, etc).

A cartooon by By Kaamran Hafeez. #TNYcartoons

A post shared by The New Yorker Cartoons (@newyorkercartoons) on

As of Sunday morning, the site seemed to be working in a way that you could find out if you were hacked, without fully enrolling in the Trusted ID program. Here's what that news, delivered in a very gracious way, looks like:

Of course, you could also skip all of that, and follow the advice of CNET's editor: "We recommend that anyone with a credit history assume they were affected by the hack, as Equifax's hack-checker tool proved unreliable in our tests."