Credit reporting agency Equifax will pay hundreds of millions of dollars to settle dozens of lawsuits related to a massive cybersecurity breach in 2017.
Two years ago, cybercriminals gained access to Equifax’s network by exploiting a website vulnerability, making off with the personal information for 147 million U.S. consumers (nearly half the country’s population). That information included names, addresses, Social Security numbers, birth dates, and in some cases driver’s license numbers.
Additionally, criminals walked away with credit card details for 209,000 consumers, and personally identifying information related to credit disputes for an additional 182,000 consumers, according to Reuters.
Here are the details:
- Equifax agreed to pay up to $700 million for problems related to the security break in two years ago. That deal must still be approved by a federal court.
- The settlement is reportedly the largest payment in corporate history for a cybersecurity breach. The money will go to 48 states that launched lawsuits against the company for damages, as well as to consumers, to help them restore their online identities, and to repair other financial data.
- $425 million of the settlement money reportedly will be used to set up a “restitution fund.” While the money is slated to go to consumers who suffered financial damage as a result of the hack, it will be hard for consumers to prove they were actually affected by the breach, experts warn.
- Consumers who are already signed up for credit monitoring services–which monitor for fraudulent borrowing behavior–may be eligible for a one-time reimbursement of $125. Other consumers may be eligible for up to 7 years of free credit monitoring and identity restoration services.
- Consumers who can prove they suffered losses related to fraud and misuse of their personal information may be eligible for repayment of up $20,000.
You can find out more about the settlement here.
What is Equifax?
Equifax is one of three credit reporting agencies, or bureaus. The others are Experian and Transunion. Credit reporting agencies collect data on consumers related to all aspects of their financial lives, including bank and credit card account information, mortgages, and bankruptcies. They file this information in something called a credit report, and sell it to mortgage, automobile, and credit card companies, among others, that wish to build customer profiles for loans.
Credit reporting agencies also create something called a credit score, ranging from 300 to 850; the latter is considered perfect credit. Credit scores affect the cost of loans, and all consumers who have applied for credit have a credit score.
More about the breach
The information stolen in the Equifax break-in is most typically bought and sold by criminals on the black market, and via something called the Dark Web, an underground criminal network. So far, there is no evidence that the information has been used for that purpose. That has led some experts to theorize a foreign nation was involved in the attack, for the purpose of spying.
Numerous other companies in recent years have suffered big hack attacks resulting in the loss of important customer data. In 2018, hotel chain Marriott announced that its systems had been hacked by criminals who made off with data related to 500 million guests. Similarly, Yahoo had email addresses for 3 billion customers stolen in two separate attacks starting in 2013, and JPMorgan Chase which lost names and log-ins for about 80 million accounts in 2014. The Equifax hack attack, however, is the most significant such breach in terms of potential damage to consumers, financial experts said.
Find out more about the Equifax hack here.