Equifax to pay up to $700M to U.S. over 2017 data breach

Click to play video: 'Equifax to pay up to $700M to U.S. as result of 2017 data breach'
Equifax to pay up to $700M to U.S. as result of 2017 data breach
ABOVE: Equifax is expected to pay up to US$700 million after reaching an agreement with authorities, and will need to beef up its security and allow affected customers of a 2017 data breach to freeze their credit – Jul 22, 2019

Equifax will pay up to $700 million to settle with the U.S. and states over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people.

The settlement with the U.S. Consumer Financial Protection Bureau and the Federal Trade Commission, as well as 48 states and the District of Columbia and Puerto Rico, would provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief.

READ MORE: Equifax data breach: Tips for Canadians whose info may have been hacked

The breach was one of the largest ever to threaten the private information. The consumer reporting agency, based in Atlanta, did not detect the attack for more than six weeks. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports.

Story continues below advertisement

Affected consumers may be eligible to receive money by filing one or more claims for conditions including money spent purchasing credit monitoring or identity theft protection after the breach and the cost of freezing or unfreezing credit reports at any consumer reporting agency.

All impacted consumers would be eligible to receive at least 10 years of free credit-monitoring, at least seven years of free identity-restoration services, and, starting on Dec. 31 and extending seven years, all U.S. consumers may request up to six free copies of their Equifax credit report during any 12-month period.

WATCH: Equifax reportedly knew for months about cyber-security vulnerability (Sept. 2017)

Click to play video: 'Equifax reportedly knew for months about cyber-security vulnerability'
Equifax reportedly knew for months about cyber-security vulnerability

If consumers choose not to enrol in the free credit monitoring product available through the settlement, they may seek up to $125 as a reimbursement for the cost of a credit-monitoring product of their choice. Consumers must submit a claim in order to receive free credit monitoring or cash reimbursements.

Story continues below advertisement

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

Breaking news from Canada and around the world sent to your email, as it happens.

READ MORE: Amid backlash, Desjardins unveils new measures to help members who were victims of data theft

The announcement Monday confirms a report by The Wall Street Journal that the credit reporting agency had reached a deal with the U.S.

The company said earlier this year that it had set aside around $700 million to cover anticipated settlements and fines.

WATCH: Desjardins data breach a test of Bill C-59 and its various interfaces

Click to play video: 'Desjardins data breach a test of Bill C-59 and its various interfaces'
Desjardins data breach a test of Bill C-59 and its various interfaces

The settlement must still be approved by the federal district court in the Northern District of Georgia.

Story continues below advertisement

Shares of Equifax Inc. dipped slightly before the opening bell.

Sponsored content