JULY 22, 2019
Equifax will pay $671 million to settle numerous state class-action lawsuits and investigations by the Federal Trade Commission, New York Department of Financial Services and Consumer Financial Protection Bureau, the company said Monday.
The deal, which is still subject to a six-month court approval process, will establish a consumer restitution fund of up to $425 million, which will pay for credit monitoring from all three bureaus and any “out-of-pocket losses related to the breach.” As an alternative, consumers can request a $125 cash payment if they already have been signed up for credit monitoring services that will continue for at least six months.
Consumers may also be eligible for payments up to $20,000 for time they spent remedying fraud or misuse of personal information or out-of-pocket losses.
But that will likely be an uphill battle. As CNBC previously reported and as Begor repeated several times on the conference call, the data connected with the Equifax breach has never been found for sale on the dark web. Instead, intelligence experts and security executives have told CNBC the information was likely stolen by a foreign intelligence agency for spying purposes.
This means proving your data was misused as a result of the breach will be a difficult fight.
Settlements for “out-of-pocket” costs related to a security breach are already extremely rare, and generally must involve proving a direct connection between a real financial loss directly connected to data stolen. The same principle is likely to apply to proving fraud or data misuse, which would require consumers to prove the fraud was related to having their data stolen as a result of the Equifax breach and not a breach of another company.
Experian will be offering the four-year credit monitoring service, as it has for its own free monitoring service between 2017 and 2019. The company has set up a website describing the settlement: www.equifaxbreachsettlement.com. The FTC has also published details of the settlement on its website.
Equifax CEO called the incident “an attack on consumers and an attack on America” in a conference call Monday. The breach affected 147 million consumers, most in the U.S., but also in Europe and Canada.
“We believe the total amount we are making in our compensation fund reflects the seriousness with which we take this matter,” said Mark Begor, Equifax CEO. “Today’s announcement is a positive step for Equifax and for consumers.”