Equifax would pay Nevada nearly $1.5 million for a 2017 data breach, according to a pending class action settlement.
The data breach exposed Social Security numbers and other private information of nearly 150 million people, including about 1.2 million Nevadans.
The settlement with the U.S. Consumer Financial Protection Bureau and the Federal Trade Commission, as well as 48 states and the District of Columbia and Puerto Rico, has yet to be approved by the the federal district court in the Northern District of Georgia. It is slated to provide $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief up to $700 million total.
“When consumers entrust their personal information to companies, that public trust comes with a responsibility to keep that data safe,” said Nevada Attorney General Aaron Ford in a statement. This settlement “will require Equifax to create safeguards against large-scale attacks in the future.”
The breach was one of the largest ever to threaten private information. The consumer reporting agency, based in Atlanta, did not detect the attack for more than six weeks. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers, and, in some cases, data from passports.
All impacted consumers would be eligible to receive at least 10 years of free credit-monitoring, at least seven years of free identity-restoration services. In addition, all U.S. consumers would be able to request up to six free copies of their Equifax credit report during any 12-month period starting Dec. 31 and extending seven years.
$125 reimbursement possible
If consumers choose not to enroll in the free credit monitoring product available through the settlement, they may seek up to $125 as a reimbursement for the cost of a credit-monitoring product of their choice. Consumers must submit a claim in order to receive free credit monitoring or cash reimbursements.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Affected consumers may also be eligible to receive money by filing one or more claims for money spent purchasing credit monitoring or identity theft protection after the breach, as well as other costs including freezing or unfreezing credit reports at any consumer reporting agency.
Shares of Equifax Inc. rose 50 cents or .36 percent to close at $137.80 Monday.
The Associated Press contributed to this report.
Steps for those affected
Once the class action court approves the settlement, Equifax will provide a lookup tool at www.EquifaxBreachSettlement.com so consumers can determine whether they were affected. The website also allows those affected by the breach to make a claim. They can also do so by calling 1-833-759-2982. The deadline for claims has not been set.
Consumers can enter their email address on the Federal Trade Commission’s website, www.ftc.gov/equifax-data-breach, to be notified when Equifax starts accepting claims.