Americans will now get compensation for losses tied to one of the biggest data security failures ever.
Credit-reporting company Equifax has agreed to pick up the tab in a proposed deal with the Federal Trade Commission, Consumer Financial Protection Bureau and 50 states and territories to settle allegations that it did not implement sufficient security measures to protect its network. The settlement still must be approved by the U.S. District Court for the Northern District of Georgia.
The deal calls for Equifax to pay at least $575 million, including $300 million for free credit monitoring services, $175 million to states, the District of Columbia and Puerto Rico and $100 million in penalties to the CFPB.
The company could be forced to pay another $125 million if the initial amount is not enough to cover consumers’ losses, bringing the total tab to up to $700 million.
Equifax is accused of failing to adequately patch a security flaw that enabled hackers to swipe about 147 million names and dates of birth, 145.5 million Social Security numbers and 209,000 payment card numbers and expiration dates in 2017.
The FTC also said Equifax had stored network credentials and passwords, Social Security numbers and other consumer data in plain text files, which makes them more susceptible to criminal activity.
Freezing your credit is free: Law goes into effect following Equifax breach
“This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud,” FTC Chairman Joe Simons said in a statement.
As part of the deal, the company must also implement internal measures to ensure it has adequate security systems and protocol.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” Equifax CEO Mark W. Begor said in a statement.
What you can get
Depending on how you were affected by the breach, you could be eligible for several types of compensation under the proposed settlement.
Starting in 2020, all U.S. consumers will be entitled to six free Equifax credit reports each year for seven years. This can help you to monitor for any suspicious activity. All Americans are entitled to get free identity theft recovery services for seven years.
If you were affected by the breach, you can get up to 10 years of free credit monitoring of your three credit reports at Experian, TransUnion and Equifax by an independent third-party service that will be determined by the court. Or, you can receive $125 if you already have a credit monitoring service and won’t enroll in the free one.
If you spent time or money dealing with an ID theft issue that occurred after the hack and involved personal data that was exposed by the breach, you can get compensated up to $20,000 per person. You can be reimbursed for the following:
- Losses from unauthorized charges on your accounts
- Cost of freezing or unfreezing your credit report
- Cost of credit monitoring
- Fees you paid to professionals like an accountant or attorney
- Other expenses like notary fees, document shipping fees and postage, mileage, and phone charges
You’re also eligible to get $25 per hour for time spent dealing with the breach’s aftermath, up to 20 hours. For the first 10 hours, you just need to certify that you spent this time. For the additional 10 hours, you may need to provide documentation.
The claims process will open up after the settlement is approved by the court. In the meantime, it’s best to gather documents, emails, receipts and other information to support your claim. You can find more information on the FTC’s website.
Contributing: Janna Herron
Follow USA TODAY reporter Nathan Bomey on Twitter @NathanBomey.