The credit bureau’s settlement also includes litigation costs and covers government inquiries by state and federal agencies.
Equifax has reached a settlement related to consumer litigation and regulatory investigations that arose following its infamous data breach incident of 2017. The incident exposed the personal data of more than 147 million U.S consumers, such as their Social Security numbers.
The credit reporting bureau said in a press release the $671 million resolution would resolve consumer class action litigation, and also cover inquiries by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the attorneys general of 48 states, Puerto Rico and the District of Columbia, as well as the New York Department of Financial Services.
New York Attorney General Letitia James noted in a July 22 tweet, “Equifax put profits over privacy & greed over the people & now we’re holding them accountable for the millions they put at risk.”
And FTC Chairman Joe Simons said, in a press release, “Companies that profit from personal information have an extra responsibility to protect and secure that data. Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers.”
See related: Main lesson after Equifax breach: Protect yourself
Terms of settlement
Equifax reports that if the settlement is approved by a court, it would set up a “consumer restitution fund” making available up to $425 million that would pay for credit monitoring by all three major credit bureaus (including Experian and TransUnion) for the consumers whose data was affected by the breach.
In addition, the FTC said Equifax will provide all U.S consumers with six free credit reports annually for seven years, starting in January 2020. This is in addition to the one free annual credit report Equifax and the two other major credit bureaus already offer.
Those affected would also be compensated for the actual out-of-pocket losses they incurred as a result of the breach. And the fund would cover “identity restoration” services as well.
The resolution also requires Equifax to continue enhancing its information security and technology program.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” Equifax CEO Mark Begor said in the company’s press release.
Equifax will be making payments totaling $290.5 million to some regulatory agencies at the state and federal levels, and will foot the bill for attorney payments and costs in the consumer litigation.
On approval by the court, consumers who participated in the class action lawsuit will hear about their rights and options.
FTC will provide updates
The Federal Trade Commission advises that it is providing email alerts about this settlement.
Benefits that consumers affected by the breach could avail themselves of include:
- Up to 10 years of free credit monitoring from the three major credit bureaus, or a possible cash payment of $125 if you don’t need the credit monitoring.
- Reimbursement of up to $20,000 for time and money spent on this issue.
- Free identity restoration services for a minimum of seven years in case someone does steal your identity, or if you are affected by fraud.
The FTC also has other input on frequently asked questions relating to this settlement, for those affected by the breach.