In 2017, Equifax, one of the largest credit reporting agencies in the United States, was the victim of a massive cyber attack—an attack that compromised the personal information of approximately 147 million people. On July 22, 2019, the company agreed to pay at least $575 million—and up to $700 million—as part of a global settlement with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), 48 U.S. states and two U.S. territories. The settlement has preliminary court approval and is considered the largest of its kind for a data breach.
The Settlement
In its initial complaint, the FTC alleged that Equifax’s failure to secure its network exposed millions of individuals’ names, dates of birth, Social Security numbers, physical addresses and other personal information to cyber criminals and fraudsters.
As part of the settlement, Equifax will pay $300 million to a fund for credit-monitoring services for consumers affected by the breach. This fund will also be used to compensate consumers who bought credit- or identity-monitoring services from Equifax and paid other out-of-pocket expenses as a result of the 2017 data breach.
The company will add $125 million to the fund if the $300 million is insufficient to compensate consumers. What’s more, Equifax will pay $275 million in civil penalties to the CFPB, and 48 U.S. states and two U.S. territories.
Consumers impacted by the data breach are entitled to up to 10 years of free credit monitoring. If you are already enrolled in credit monitoring, you can file to be compensated for up to $125 in cash.
Those harmed by cyber theft as a result of the breach can also claim as much as $20,000 in cash to reimburse for losses related to freezing or unfreezing credit reports, purchasing credit-monitoring services, unauthorized charges to accounts, and payments to lawyers and accountants.
Am I Entitled to Compensation?
Equifax has set up a website to help consumers determine whether or not they are entitled to compensation as a result of the settlement. To confirm your eligibility, you will need to enter your last name and the last six digits of your Social Security number on the site, or call the Settlement Administrator at 1-833-759-2982.
If you are eligible for compensation, you can file a claim online here. As part of the claim process, you’ll select the benefits you are eligible for and submit documents to support your claims if you spent more than 20 hours dealing with the consequences of the breach. Supporting documents can include, but are not limited to, billing statements depicting unauthorized charges or fees paid to data breach professionals.
For most benefits, the deadline to file a claim is Jan. 22, 2020. United Benefits Group will provide updates on this situation as needed.