Equifax settles massive data breach class action for $1.5 billion
The credit reporting firm, Equifax , has agreed to settle a nationwide class action over a massive data breach. The huge 2017 breach exposed te Social Security numbers, birth dates, addresses and, in some cases, the driver’s license and credit card numbers of more than 147 million consumers; the settlement is valued at over $1.5 billion.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” said Equifax CEO Mark Begor in a statement. “The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter.
The settlement includes up to $505.5 million for cash compensation including time spent dealing with the breach, credit monitoring, and assistance with identity restoration. Equifax may have to pay more if more than 7 million class members enroll in credit monitoring. The settlement also makes Equifax change its business practices—including how it handles personal data—and requires the company to spend at least $1 billion over the next five years to overhaul its data security.
“We knew that we wanted to resolve the case as soon as possible for the highest possible consumer relief,” said Norman Siegel of Stueve Siegel Hanson in Kansas City, who served as chair of the settlement committee and was appointed by the court to lead the class action along with Ken Canfield of Doffermyre Shields Canfield & Knowles in Atlanta and Amy Keller of DiCello Levitt Gutzler in Chicago.
The final details of the settlement were made public yesterday, after securities filings and Equifax’s CEO previously hinted at a global resolution.
The Consumer Restitution Fund will be used to pay various benefits to those affected by the breach including reimbursement for up to $20,000 in out-of-pocket losses; reimbursement for up to 20 hours of time spent dealing with issues relating to the data breach at $25 per hour; a minimum of four years of free, three-bureau credit monitoring through Experian, or a cash payment up to $125 for individuals who already have different credit monitoring; six additional years of single-bureau credit monitoring provided free-of-charge by Equifax; and up to 25% reimbursement for credit or identity monitoring subscription products purchased from Equifax between September 7, 2016, through September 7, 2017.