Equifax agrees to pay $700 million settlement for its 2017 data breach

Artem Beliaikin/Pexels

Equifax has agreed to pay up to $700 million as part of a settlement agreement reached in regard to its 2017 data breach.

According to Reuters, the consumer credit reporting agency’s settlement is the “largest-ever settlement for a data breach” and effectively ends the investigations into the company by the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and “nearly all state attorneys general.”

The breakdown of the $700 million settlement is as follows: A total of $175 million in fines is to be paid to the states. The CFPB is expected to be paid $100 million. Finally, Equifax is expected to establish a “restitution fund” to help customers affected by the data breach. Reuters also reports that this fund will start at $300 million but can reach up to $425 million if needed. Furthermore, Equifax also agreed to strengthen its security and undergo regular policy reviews by a third party.

The Federal Trade Commission recently published a statement addressing the Equifax data breach settlement. The statement, titled “Summary of Benefits,” mostly addressed how the settlement directly affects consumers. According to the statement, settlement benefits can only be received by consumers who file a claim once the claims process has begun. (As of now, the claim process has not yet begun, and consumers cannot currently file a claim.)

Furthermore, the FTC’s Summary of Benefits outlines the kinds of benefits consumers can claim if they were affected by the 2017 Equifax data breach. However, it appears that there is one benefit that all U.S. consumers are eligible to receive from Equifax beginning in 2020:  “Six additional free credit reports per year for seven years from the Equifax website.” The other benefits are for those directly affected by the breach and include free identity theft protection services and credit monitoring, cash payments (up to $20,000 per person), and free identity restoration services.

The 2017 data breach was announced by Equifax in September of that year. It was a colossal breach that, according to the FTC, divulged the personal information of 147 million people. Equifax also published its own statement about the $700 million settlement. In the press release, Equifax describes the stipulations of its settlement agreement and includes the following statement from Equifax CEO Mark W. Begor:

“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our … investments in technology and security as a leading data, analytics, and technology company … The consumer fund of up to $425 million … reinforces our commitment to putting consumers first and safeguarding their data — and reflects the seriousness with which we take this matter. We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program.”

Editors’ Recommendations

  • Marriott faces $123M fine for huge data breach that targeted millions of guests
  • The FTC’s $5 billion privacy fine on Facebook could’ve been much, much bigger
  • The FTC will hit Facebook with a $5 billion fine over privacy violations
  • Millions of real estate records were publicly accessible due to lax security
  • Millions of Instagram influencers reportedly had private data exposed online