By Alex Lloyd Gross
July 22, 2019 Josh Shapiro, Attorney General for Pennsylvania announced that a settlement was reached with Equifax for a data breach on September 7 2017. $425 Million in consumer restitution is announced. If that is exhausted, then there is an additional $125 million available. This major security problem caused 40 different Attorney Generals to start their own investigations.
Consumers who are eligible for redress will be required to submit claims online or by mail. Paper claims forms can also be requested over the phone. Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of this online registry, consumers can sign up at www.ftc.gov/equifax. Consumers can also check www.attorneygeneral.gov for updates and call the settlement administrator at 1-833-759-2982 for more information. The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau.
This is not just for Pennsylvania residents. Any person in the United States can file a claim.
Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including, but not limited to, terms:
- making it easier for consumers to freeze and thaw their credit;
- making it easier for consumers to dispute inaccurate information in credit reports; and
- requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.
Equifax has also agreed to strengthen its security practices going forward, including:
- reorganizing its data security team;
- minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
- performing regular security monitoring, logging and testing;
- employing improved access control and account management tools;
- reorganizing and segmenting its network; and
- reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.
In addition to Pennsylvania, other Attorneys General participating in this settlement include Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, Wisconsin, Wyoming, and the District of Columbia. Also joining are Texas, West Virginia and the Commonwealth of Puerto Rico.