$600 million settlement reached following Equifax data breach

July 24, 2019 in News

The Mississippi Link Newswire,

People affected by the massive 2017 Equifax data breach will receive 10 years of credit monitoring and may be eligible for restitution following a $600 million multistate settlement reached with the consumer reporting agency by attorneys general across the country, Attorney General Jim Hood announced. The state of Mississippi will receive $1,399,071.54 of the $175 million going to states, with the remaining $425 million set aside for eligible consumers.

On September 7, 2017, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach, affecting more than 147 million consumers – nearly half of the U.S. population, including 1.3 million Mississippians. Breached information included Social Security numbers, names, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.

“The worst part about this data breach is that Equifax, as a credit bureau, knows firsthand how data breaches and resulting identity theft can impact consumers’ credit; yet, when they were notified of a problem in their cybersecurity in March 2017, they failed to correct it, allowing highly sensitive information to be exploited by an intruder through July 2017,” Hood said. “We should be able to trust that our personal information is safe in the hands of an entity like Equifax, but when that’s not enough, consumers can be confident that I and other attorneys general will do all we can to require companies to pay up and protect their customers.”

A multistate investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information, which enabled hackers to penetrate its systems. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.

Under the terms of the settlement, Equifax agreed to provide a Consumer Restitution Fund of up to $425 million for consumer redress. The company will also offer affected consumers extended credit-monitoring services for 10 years and longer for affected consumers under the age of eighteen.

Equifax has also agreed to take several steps to assist consumers dealing with identity theft, including, but not limited to:

• making it easier for consumers to freeze and thaw their credit;

• making it easier for consumers to dispute inaccurate information in credit reports; and

• requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.

In addition, Equifax has agreed to strengthen its security practices going forward, including:

• reorganizing its data security team;

• minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;

• performing regular security monitoring, logging and testing;

• employing improved access control and account management tools;

• reorganizing and segmenting its network; and

• reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.

Consumers who are eligible for redress will be required to submit claims online or by mail. Paper claims forms can also be requested over the phone. Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of this online registry, consumers can sign up at ftc.gov/Equifax. Consumers can also call the settlement administrator at 1 833-759-2982 for more information. The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, and settlements that with the Federal Trade Commission and Consumer Financial Protection Bureau.

In addition to Mississippi, other attorneys general participating in this settlement include Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, the District of Columbia and the Commonwealth of Puerto Rico.