Equifax has agreed to pay $380.5 million to settle lawsuits related to the 2017 data breach which compromised the information of nearly 147 million US citizens.
An Atlanta federal judge ruled this week in a Georgia court that the $380.5 million will be deposited into a fund where members of the class action suit can claim up to $20,000 in compensation each.
To determine eligibility, www.EquifaxBreachSettlement.com,has been set up.
Class members have until next week, January 22, to file their claim. Equifax may also be required to add $125 million for additional out-of-pocket claims.
Affected consumers also have the choice of signing up for 10 years of free credit monitoring, including four years from Experian and TransUnion, as well as Equifax who will provide up to six years of free one-bureau credit monitoring.
Class members who already have credit monitoring services, that continue for at least six more months, may be eligible for a cash payment of up to $125 – depending on the number of claims that are filed.
“We are pleased that the Court approved the settlement, which provides significant benefits for consumers whose information was impacted in the 2017 breach,” an Equifax spokesperson told Threatpost.
In addition to the $380.5 million, the Equifax will also be required to pay at least $1 billion on improving its security, and a further $175 million to 48 states within the US, and $100 million in civil penalties to the Consumer Financial Protection Bureau.
According to Bloomberg, Equifax will also need to pay $1.4 billion in litigation expenses, with class counsel receiving a percentage-based fee of $77.5 million.
The 2017 data breach resulted in threat actors accessing the names, birth dates, Social Security numbers, phone numbers, and many more personal details of over 145 million US citizens.
Alyn Hockey, VP of Product Management at data security company, Clearswift:
“While Equifax wasn’t the largest data breach in terms of the number of records exposed, it shows just how extensive the financial implications of a data breach can be – settlement claims and investment in information security will cost the company over $1.38 billion over the next five years. This case sends a wake-up call to businesses that data protection has to be taken seriously at all levels of the enterprise and illustrates the extent to which prevention is better than cure.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.