Equifax to pay up to $700 mln in U.S. data breach settlement

by Reuters
Monday, 22 July 2019 14:04 GMT

(Adds detail and context, share reaction and PIX available)

By Pete Schroeder

WASHINGTON, July 22 (Reuters) - Credit-reporting company Equifax Inc will pay up to $700 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information that affected around 147 million consumers, authorities said on Monday.

The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all state attorneys general. It also resolves pending class-action lawsuits against the company.

"This company's ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population," New York Attorney General Letitia James said in a statement.

Under the settlement, the company will pay a $175 million fine to the states and $100 million to the CFPB.

The company will also establish a $300 million restitution fund for harmed consumers which could climb to $425 million depending on how many customers use it. While roughly half of all Americans saw their information compromised, the restitution fund is only available to consumers who can show they suffered direct costs from the breach, either as victims of fraud or by setting up credit-monitoring services.

Affected consumers will also be eligible for 10 years of free credit monitoring from Equifax, and the company agreed to make it easier for consumers to freeze their credit or dispute inaccurate information in credit reports.

Equifax, one of three major credit-reporting companies, disclosed in 2017 that a data breach had compromised the personal information, including Social Security numbers, of 143 million Americans. That figure later rose to around 147 million.

The scandal upended the company, which saw the exit of its chief executive, as its security practices and slow speed in disclosing the breach were challenged by lawmakers and policymakers.

They questioned how private companies could amass so much personal data, setting off efforts to bolster consumers' ability to protect and control their information.

The hackers behind the breach have never been identified by authorities. The company has also agreed to bolster its security practices and have its policies assessed regularly by a third party.

Equifax shares were up 1.2 percent at $138.88 in morning trading. (Reporting by Pete Schroeder; Editing by Peter Cooney, Susan Heavey and Nick Zieminski)

Our Standards: The Thomson Reuters Trust Principles.