CFPB Announces $700M Settlement in Equifax Data Breach

CFPB Announces $700M Settlement in Equifax Data Breach

CFPB Announces $700M Settlement in Equifax Data Breach

A multistate investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers' sensitive personal information.

The settlement with the U.S. Consumer Financial Protection Bureau and the Federal Trade Commission, as well as 48 states and the District of Columbia and Puerto Rico, would provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief.

The settlement concludes multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and almost all state attorneys general. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and, in some cases, data from passports.

As part of the settlement, Equifax will provide a consumer restitution fund of up to $425 million. The exact amount of money Equifax will have to pay may change, depending on the number of consumer claims filed. There will also be at least seven years of free identity theft restoration services and, from 2020, all United States consumers get an additional six free credit reports from the Equifax website (assuming anyone ever wants to risk using Equifax again).

Equifax did not report the breach for a period of six weeks after it was initially detected. The FTC has authority to examine whether a company's practices were reasonable and whether it was living up to representations about security of data.

Even if the data hasn't been used, the unease and discomfort caused by large breaches also should be taken into account, Calo added.

Equifax has agreed to pay USA agencies. For the time spent dealing with the breach, consumers can seek $25 per hour for up to 20 hours as compensation. If that doesn't cover the losses, Equifax will add up to $125 million to the fund.

Equifax first disclosed the hack in September 2017, three months after the company discovered the breach.

If you were a minor in May 2017, you are eligible for a total of 18 years of free credit monitoring.

The remaining six years will be Equifax-only credit monitoring.

Brookman warns consumers to not rely too heavily on credit monitoring.

"This settlement is just a drop in the bucket of what Equifax's disregard for privacy could cost American families", Democratic U.S. Senator Sherrod Brown said in a statement.

"Credit freezes are actually better and they're free under the law", he explains. You can find more information on the FTC's website.

Consumer advocates were generally positive on the settlement, but had concerns on the timescale of the settlement.

As a result, the FTC said Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability in its ACIS database, which handles inquiries from consumers about their personal credit data.

Related news

[an error occurred while processing the directive]