Equifax to pay up to $700M in data breach settlement

FILE - This July 21, 2012, file photo shows signage at the corporate headquarters of Equifax Inc., in Atlanta. AP Photo/Mike Stewart, File
Published:
Updated:

WASHINGTON (AP) — Equifax will pay up to $700 million to settle with the Federal Trade Commission and others over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people.

The proposed settlement with the Consumer Financial Protection Bureau, if approved by the federal district court Northern District of Georgia, will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief. The bureau coordinated its investigation with the Federal Trade Commission and attorneys general from across the U.S.

The announcement Monday confirms a report by The Wall Street Journal that the credit reporting agency had reached a deal with the U.S.

Advertisement - Story continues below

Equifax also has agreed to terms that will help consumers who are facing identity theft issues, including:

  • Making it easier for consumers to freeze and thaw their credit.
  • Making it easier for consumers to dispute inaccurate information on credit reports.
  • Requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.

Additionally, Equifax has agreed to strengthen its security practices in hopes of better protecting consumers’ information going forward by:

  • Reorganizing its data security team.
  • Minimizing its collection of sensitive data and the use of consumers’ Social Security numbers.
  • Performing regular security monitoring, logging and testing.
  • Employing improved access control and account management tools.
  • Reorganizing and segmenting its network.
  • Reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.

Ohio State Auditor Dave Yost released this statement:

“Today’s constant threat of cybercrime leaves no room for stewards of the public’s data to ignore security flaws,” Yost said. “Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses. A swift response could have prevented this whole ordeal.”

Consumers eligible for restitution can call 1-833-759-2982 or go online here to complete registration.