An unprecedented settlement has been reached with the credit bureau Equifax to compensate the tens of millions who were impacted by the 2017 data breach.
Years after the data breach, Equifax now admits it didn’t do enough to protect people’s most sensitive information and as part of a proposed settlement, must assist those who were victimized and put more than half a billion into a restitution fund.
The data breach affected more than 147-million people, that’s nearly half of this country’s population.
Personal information that was stolen included:
- social security numbers
- credit card numbers
- and in some cases, driver’s license information
Almost immediately after the breach, criminals began stealing people’s identities–creating turmoil for many.
Kellie Krause was one of those affected. She noticed her credit score consistently going down.
She discovered 12 accounts had been opened in her name.
She told CBS News, criminals bought things like an automobile, using her name, and even ran up an $868 vet bill for a pet she doesn’t own.
“I couldn’t figure out how this could have happened as careful as I am with my information,” she said.
North Carolina Attorney General Josh Stein says companies like Equifax have to be protective of your sensitive data.
“They have your most personal information. If they are going to collect it, they have a duty to safeguard it,” Stein said.
After the breach became public, Stein joined with 49 other attorneys general to look into what happened.
The investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information.
Stein says, “Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems.”
Moreover, he said, “Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.”
The Federal Trade Commission also filed a complaint.
Stein says the settlement offers victims significant relief.
Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million, with $300 million dedicated to consumer redress.
If the $300 million is exhausted, the fund can increase by up to an additional $125 million.
“If your credit got ruined—or someone committed ID Theft in your name and you have expenses, you can be reimbursed,” said Stein.
The settlement says victimized consumers will be eligible for up $20,000 in compensation for time and money lost while trying to deal with stolen personal information.
Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including:
- making it easier for people to freeze and thaw their credit
- making it easier for people to dispute inaccurate information in credit reports
- maintaining sufficient staff dedicated to assisting consumers who may be victims of identity theft
In addition, Equifax will pay $275 million in fines, and provide 10 years of free credit monitoring to those impacted by the breach.
Equifax is also agreeing to change the way it collects your data.
“Equifax will change its business practices and do everything possible to make sure this kind of breach never happens again,” said Stein.
Among the things it will do, it promises to start:
- reorganizing its data security team
- minimizing its collection of sensitive data and the use of consumers’ Social Security numbers
- performing regular security monitoring, logging, and testing
- employing improved access control and account management tools;
- reorganizing and segment its network
- reorganizing its patch management team
- and employing new policies regarding the identification and deployment of critical security updates and patches
All of this still has to be approved by the court.
North Carolinians who are eligible for redress will be required to submit claims online or by mail.
Paper claim forms can also be requested over the phone.
People will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry.
To receive email updates regarding the launch of this online registry, consumers can sign up online or call the settlement administrator at 1-833-759-2982 for more information.
The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau.
For more stories like this that matter to you, click here to download the CBS 17 News app for free.
Watch live newscasts, get breaking news and sign up for push alerts – download now