Equifax’s $700 million settlement with the U.S. government over a massive 2017 data breach includes up to $425 million for consumers.
The breach was one of the largest ever to threaten private information, as the breach exposed Social Security and other data on nearly 150 million people. Affected consumers would get free credit-monitoring and identity-restoration services for the next several years and may be eligible for money they’ve already spent on such services.
Here is what you need to know following Monday’s announcement about the agreement:
What is Ohio’s cut of the settlement?
The Columbus Dispatch reported Ohio will receive at least $7.4 million.
“Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses,” Ohio Attorney General Dave Yost said Monday. “A swift response could have prevented this whole ordeal.”
A state spokesman said $5 million of the payment will go into the general operating fund of the attorney general’s office while the remaining $2 million-plus will be used to fund consumer-protection activities.
How did hackers break in?
According to the Government Accountability Office, the investigative arm of Congress, a server hosting Equifax’s online dispute portal was running software with a known weak spot. The hackers, who have not been identified, jumped through the opening. Hiding behind encryption tools, they sent 9,000 queries to dozens of databases containing consumers’ personal information, and then methodically extracted the information.
The attack went unnoticed by Equifax for more than six weeks.
How has Equifax responded?
The company has said it took steps to fix the issues that allowed the breach to occur. The company also shook up its management, gave consumers more control over their Equifax data and introduced a free credit-alert service.
How can you find out if you were affected?
Equifax has a page, https://www.equifaxsecurity2017.com, with a link to look up whether your information was exposed.
The settlement must still be approved by the U.S. District Court in Atlanta. Consumers can’t file claims until after the settlement receives court approval.
Affected consumers may be eligible for up to $20,000 in reimbursements for losses from unauthorized charges to affected accounts, legal and other fees, credit-monitoring or identity-theft-protection services and expenses related to freezing or unfreezing credit reports. For the time spent dealing with the breach, consumers can seek $25 per hour for up to 20 hours as compensation.
All impacted consumers will be eligible to receive 10 years of free credit monitoring, at least seven years of free identity-restoration services, and, starting in 2020, six free copies of their Equifax credit report each year for seven years. That’s on top of the free copy consumers can already get by law every 12 months from each of the three big agencies — Equifax, Experian and TransUnion. For minors, free credit monitoring increases to 18 years.