Federal and state officials and credit reporting agency Equifax have reached a settlement over a 2017 data breach that impacted 147 million people, including nearly 1.6 million in Connecticut.
The Federal Trade Commission and a group of attorneys general from 48 states, including Connecticut AG William Tong, announced Monday that Equifax had agreed to pay between $575 million and $700 million to affected states and the FTC, and for credit-monitoring services, including reimbursement for those who paid for monitoring services because of the breach.
The amount of the settlement could change depending on the number of claims still to be filed by consumers.
Officials said hackers exploited a security flaw in Equifax’s system to steal reams of data, including social security numbers, names, dates of birth, addresses, credit card numbers and driver’s license numbers. The activity went unnoticed for 76 days, officials said.
The coalition of AGs launched an investigation that determined Equifax, despite knowing about a “critical vulnerability” in its software, failed to fully patch its systems, and also failed to replace software that monitored its network for suspicious activity.
“Equifax ignored its security obligations and exposed the personal information of half of the American people,” Tong said in a statement. “This settlement — the largest data breach enforcement action in history — sends a clear message that failure to implement reasonable security measures will not be tolerated and that cybersecurity cannot be overlooked.”
Connecticut’s share of the settlement amounts to approximately $3 per affected resident.
Consumers who believe they’re eligible for redress from the hack can find more information here.
As part of the settlement, Equifax has also agreed to strengthen its security practices, make it easier for consumers to freeze and thaw their credit and to dispute inaccurate information on credit reports, and to maintain sufficient staffing to assist consumers who may be victims of identity theft.
