Look like equifax just sent out another email, apology letter, and a link to the credit alert monitoring. This is still a bad idea, they should have mention to carefully check the url website or better yet, just type in the website such as equifax.com trustedid.com and so on, instead of asking users reading the email to click on the link.
The problem is, with the email link, a hacker can send similar email and ask the user to click on it, and it will direct them to a hacker website which has exact copy of equifax trustedid site and now the users got their account compromised hacked.