July 22, 2019
Equifax has agreed to pay as much as $700 million to settle a series of state and federal investigations into a massive 2017 data breach that left more than 147 million Americans’ Social Security numbers, credit-card details and other sensitive information exposed.
 
The punishment includes payments to affected consumers, fines to peeved regulators and a host of required changes to the credit-reporting agency’s business practices, government officials said Monday, as they faulted Equifax for putting more than half of all U.S. adults at risk for identity theft and fraud.
 
. . .
 
Under an agreement with the attorneys general from 48 states as well as the District of Columbia and Puerto Rico, Equifax will set aside up to $425 million to reimburse victims of the breach, including those who experienced identity theft. Equifax also will offer 10 years of credit-monitoring services to consumers who have been harmed, invest more heavily in its own cybersecurity and pay $175 million to the states themselves, officials said. They described the penalty as the most significant they’ve ever levied in response to an organization that broke state data-security laws.
 
Equifax also has agreed to pay an additional $100 million to settle a federal investigation at the Consumer Financial Protection Bureau, which probed the matter alongside the Federal Trade Commission, the agencies said Monday.
 
. . .
 
The Equifax breach, which the credit-reporting agency first acknowledged in September 2017, amounted to one of the worst security incidents in U.S. history given the number of Americans affected and the sensitivity of the information that hackers were able to access. Names, home addresses and birth dates were left exposed, and in some cases, Americans’ driver’s license numbers were left vulnerable to theft, too.
 
The complete article can be viewed here.
 
Andrew N. Friedman, Co-Chair of Cohen Milstein’s Consumer Protection practice, is a member of the Steering Committee for the consumer plaintiffs.