Equifax Settles 2017 Data Breach for $1.38 Billion

Dispelling the Dangerous Myth of Data Breach Fatigue

January 20, 2020

A class action settlement has been proposed in a case against Equifax Inc., relating to the data breach that Equifax announced in September 2017, which affected approximately 147 million U.S. consumers.

According to the settlement, Equifax will pay $380,500,000 into a fund for class benefits, attorneys’ fees, expenses, service awards and notice and administration costs; up to an additional $125,000,000 if needed to satisfy claims for certain out-of-pocket losses; and potentially $2 billion more if all 147 million class members sign up for credit monitoring. No settlement funds will revert to Equifax. The specific benefits available to class members include:

Reimbursement of up to $20,000 for documented, out-of-pocket losses fairly traceable to the breach, such as the cost of freezing or unfreezing a credit file; buying credit monitoring services; out-of-pocket losses from identity theft or fraud, including professional fees and other remedial expenses; and 25 percent of any money paid to Equifax for credit monitoring or identity theft protection subscription products in the year before the breach. If the $380.5 million fund proves to be insufficient, Equifax will add another $125 million to pay claims for out-of-pocket losses.
Compensation of up to 20 hours at $25 per hour (subject to a $38 million cap) for time spent taking preventative measures or dealing with identity theft. Ten hours can be self-certified, requiring no documentation.
Four years of specially negotiated, three-bureau credit monitoring and identity protection services through Experian and an additional six years of one-bureau credit monitoring and identity protection services through Equifax. The Experian monitoring has a comparable retail value of $24.99 per month and has a number of features that are typically not available in “free” credit monitoring services offered to the public. The one-bureau credit monitoring will be provided separately by Equifax and not paid for from the settlement fund.
Alternative cash compensation (subject to a $31 million cap) for class members who already have credit monitoring or protection services in place and who choose not to enroll in the enhanced credit monitoring and identity protection services offered in the settlement.
Identity restoration services through Experian to help class members who believe they may have been victims of identity theft for seven years, including access to a U.S. based call center, assignment of a certified identity theft restoration specialist and step by step assistance in dealing with credit bureaus, companies and government agencies.

In addition, Equifax has agreed to entry of a consent order requiring the company to spend a minimum of $1 billion for data security and related technology over five years and to comply with comprehensive data security requirements. Equifax’s compliance will be audited by an experienced, independent assessor and subject to the Court’s enforcement powers. According to cybersecurity expert Mary Frantz, "[I]mplementation of the proposed business practice changes should substantially reduce the likelihood that Equifax will suffer another data breach in the future. These changes address serious deficiencies in Equifax’s information security environment. Had they been in place on or before 2017 per industry standards, it is unlikely the Equifax data breach would ever have been successful. These measures provide a substantial benefit to the Class Members that far exceeds what has been achieved in any similar settlements."

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Equifax Settles 2017 Data Breach for $1.38 Billion

Related Articles

Report Abusive Comment