Equifax will reportedly pay up to $700 million to settle investigations of its massive 2017 cybersecurity data breach that compromised the personal information of 150 million people—essentially half of the adult population nationwide. The settlement includes payments to affected customers, fines, and numerous mandated changes to Equifax’s business practices to better protect consumers’ private data, government officials said.
The settlement is reportedly the largest ever for a data breach. It still needs to be approved by the federal district court.
“Equifax failed to protect consumers’ information and failed to enact reasonable security measures under California’s data security laws,” California Attorney General Xavier Becerra said at a news conference. “That left very important personal information exposed and allowed hackers to steal consumers’ names, Social Security numbers, their birth dates, their addresses, and in some instances, their driver’s license number, and even credit-related information.”
The data breach has prompted calls for greater government oversight of credit reporting bureaus’ data storage policies for the credit histories and personal information of consumers.
Under the settlement, Equifax will pay up to $425 million to reimburse victims from the security breach. It will also pay $175 million to states and invest more in its own cybersecurity. It will be required to submit to 20 years of regular third-party checkups. It will also pay an extra $100 million to settle a federal investigation into the data breach by the Consumer Financial Protection Bureau.
“This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud,” says Joe Simons, the Federal Trade Commission chairman.
Consumers whose data was stolen can receive at least four years of free credit monitoring on their credit reports at all three credit bureaus, FTC says. They also can receive an extra six free years of free credit monitoring on their Equifax credit report. Consumers who don’t enroll in the free credit monitoring from the settlement may be eligible for a cash payment of $125. In some cases, consumers may be eligible to receive reimbursements and cash payments up to $20,000, according to the FTC.
Consumers who want to claim the free credit monitoring or cash payments will need to file a claim once the claims process begins. A settlement site will be posted with updates when claims are open. Consumers also can register for alerts via email.
Source: “Equifax Will Pay Up to $700 Million to Settle Data Breach Lawsuits,” CBS News (July 22, 2019) and “Equifax to Pay Up to $700 Million to Settle State and Federal Investigations Into 2017 Security Breach,” The Washington Post (July 22, 2019)