The breach, which began in 2017, exposed personal data of nearly 150 million people. As such, as per the agreement, Equifax needs to pay between USD 300 million and USD 425 million to a fund that will provide consumers with credit monitoring, and will reimburse users who incurred expenses due to the data breach. Moreover, for the next seven years, the company will provide all US consumers with six free credit reports a year. The settlement also calls for Equifax to pay USD 175 million to 48 states, the District of Columbia and Puerto Rico, and USD 100 million to the Consumer Financial Protection Bureau.
The decision came as Equifax engaged in a number of practices that failed to provide reasonable security for the quantities of sensitive personal information stored within defendant’s computer network. Allegedly, the company stored consumers social security numbers and credit card account numbers in plain text. Hackers obtained names and dates of birth for 147 million people, social security numbers for 145.5 million people, email addresses for 17.6 million people, and 209,000 credit card numbers and expiration dates, among other personal data.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now