LANSING – Michigan Attorney General Dana Nessel today announced her office has joined 49 Attorneys General in a multi-state settlement with Equifax as a result its massive 2017 data breach. The settlement includes up to $425 million in consumer restitution and $175 million to the states. Michigan’s share is $4,639,248 million.
The settlement is the largest data breach enforcement action in history.
“Equifax failed to address a critical security issue that left the door open so hackers could access personal information for millions of people across the country,” said Nessel. “This company knew there were problems and failed to address them – so consumers not only experienced a data breach but an unconscionable breach of trust by this company.”
On September 7, 2017, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach affecting more than 147 million consumers — nearly half of the U.S. population. Breached information included social security numbers, names, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.
Shortly after, 50 Attorneys General launched a multi-state investigation into the breach. The investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The company also failed to replace software that monitored the breached network for suspicious activity. As a result, attackers penetrated Equifax’s system and went unnoticed for 76 days.
Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million—with $300 million dedicated to consumer redress. If the $300 million is exhausted, the Fund can increase by up to an additional $125 million. The company will also offer affected consumers extended credit-monitoring services for a total of 10 years.
Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including, but not limited to:
Equifax has also agreed to strengthen its security practices going forward, including:
Consumers who are eligible for redress will be required to submit claims online or by mail. Paper claims forms can also be requested over the phone. Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry.
To receive email updates regarding the launch of this online registry, consumers can sign up at www.equifaxbreachsettlement.com. Consumers can also call the settlement administrator at 1-833-759-2982 for more information. The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau.
In addition to Michigan, other Attorneys General participating in this settlement include Alabama, Alaska, Arizona, Arkansas, California, Colorado, the Commonwealth of Puerto Rico, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, and the District of Columbia.