Ohio gets chunk of data-theft settlement
Ohio will receive at least $7.4 million in a $700 million settlement with Equifax over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people.
Attorney General Dave Yost, one of 47 state attorneys general to pursue the credit-rating company, announced the Ohio settlement Monday.
“Today’s constant threat of cybercrime leaves no room for stewards of the public’s data to ignore security flaws,” Yost said in a statement. “Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses. A swift response could have prevented this whole ordeal.”
The settlement includes a consumer restitution fund of up to $425 million for 147 million people whose computerized information was hacked, a $100 million civil penalty and a $175 million payment to the states. Equifax also will institute measures to more securely guard consumer information.
A spokesman said $5 million of the state’s payment from Equifax will go into the general operating fund of the attorney general’s office, and the remaining $2 million-plus will be used to fund consumerprotection activities.
In September 2017, Equifax announced a data breach that lasted 76 days, affecting nearly half of the U.S. population. Breached information included Social Security numbers, names, dates of birth, addresses and credit card and driver’s license numbers.
Despite knowing about a critical vulnerability in its software, Equifax failed to patch its systems, allowing outside hackers to access the personal information. Additionally, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attack went unnoticed for two-plus months.
“The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data — and reflects the seriousness with which we take this matter,” Equifax CEO Mark Begor said.
Equifax stock, which plunged 30% in the days following the disclosure of the Equifax, headquartered in Atlanta, will pay $700 million to settle a 2017 data breach, which exposed the Social Security numbers and other private information of nearly 150 million people for 76 days. breach, has returned to levels where they traded before the incident.
The restitution fund will be handled in conjunction with settlements in class-action lawsuits. Under one option, consumers can receive 10 free years of credit monitoring or $125. Those who suffered damages due to identity theft may qualify for more money.
Affected consumers may be eligible to receive money by filing one or more claims for conditions, including money spent purchasing credit monitoring or identity theft protection after the breach and the cost of freezing or unfreezing credit reports at any consumer reporting agency.
All impacted consumers would be eligible to receive at least 10 years of free creditmonitoring, at least seven years of free identity-restoration services, and, starting on Dec. 31 and extending seven years, all U.S. consumers may request up to six free copies of their Equifax credit report during any 12-month period.
Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of this online registry, consumers can sign up at www. ftc.gov/equifax-data-breach. The registry, which is not yet up and running, will inform people if their data was hacked and if they are eligible to submit a claim.
Consumers can also call the settlement administrator at 1-833-759-2982 for information.