Equifax to pay up to $700M to settle investigations into security breach
Half of all U.S. adults at risk of identity theft, fraud from 2017 info leak
Equifax has agreed to pay as much as $700 million to settle a series of state and federal investigations into a massive 2017 data breach that left more than 147 million Americans’ Social Security numbers, credit-card details and other sensitive information exposed.
The punishment includes payments to affected consumers, fines to peeved regulators and a host of required changes to the credit-reporting agency’s business practices, government officials said Monday, as they faulted Equifax for putting more than half of all U.S. adults at risk for identity theft and fraud.
“This is the largest data breach settlement in U.S. history,” said Pennsylvania Attorney General Josh Shapiro. “These data breaches occur because of corporate greed. Corporate leaders decided to put an extra dollar of profit into their pocket, as opposed to that dollar going into the infrastructure of the company to protect their data.”
Under an agreement with the attorneys general from 48 states as well as the District of Columbia and Puerto Rico, Equifax will set aside up to $425 million to reimburse victims of the breach, including those who experienced identity theft. Equifax also will offer 10 years of credit-monitoring services to consumers who have been harmed, invest more heavily in its own cybersecurity and pay $175 million to the states themselves, officials said. They described the penalty as the most significant they’ve ever levied in response to an organization that broke state data-security laws.
Connecticut is receiving $4.8 million stemming from a national settlement over the massive data breach. A majority of the money will go to the general fund and the rest will go to the consumer protection funds. More than 1.5 million residents in Connecticut were impacted by the breach that exposed Social Security numbers and other private information. Rhode Island’s portion of the settlement is $1 million. Connecticut Attorney General William Tong said in a statement that the consumer credit reporting agency ignored its security obligations enabling hackers to penetrate its systems and expose data of about half the U.S. population. He said it’s the largest data breach enforcement action in history.