The Consumer Financial Protection Bureau (CFPB) announced  along with the Federal Trade Commission (FTC), and 48 states, the District of Columbia and Puerto Rico announced a settlement with Equifax, providing up to $700 million in monetary relief and penalties. According to a complaint and proposed stipulated judgment filed in federal district court in the Northern District of Georgia, the CFPB alleges that Equifax engaged in unfair and deceptive practices in connection with the 2017 data breach of Equifax’s systems that impacted approximately 147 million consumers.
“Today’s announcement is not the end of our efforts to make sure consumers’ sensitive personal information is safe and secure,” said CFPB Director Kathleen L. Kraninger in a statement. “The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.”
If approved by the court, the settlement will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief, adding up to around $700 million in relief and penalties.
“For consumers impacted by the Equifax breach, today’s settlement will make available up to $425 million for time and money they spent to protect themselves from potential threats of identity theft or addressing incidents of identity theft as a result of the breach. We encourage consumers impacted by the breach to submit their claims in order to receive free credit monitoring or cash reimbursements,” concluded Kraninger.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”