Connect with us

State News

Attorney General Herring secures $600 million from Equifax in largest data breach settlement in history

Published

on

RICHMOND (July 22, 2019) – Attorney General Mark R. Herring today announced that a coalition of 50 attorneys general, comprising 48 states, the District of Columbia, and the Commonwealth of Puerto Rico has reached a settlement with Equifax as the result of an investigation into a massive 2017 data breach. The investigation found that Equifax’s failure to maintain a reasonable security system enabled hackers to penetrate its systems, exposing the data of 56 percent of American adults—the largest-ever breach of consumer data. The settlement includes a Consumer Restitution Fund of up to $425 million, a $175 million payment to the states, which includes $4,302,173.75 for Virginia, and injunctive relief, which also includes a significant financial commitment. This is the largest data breach enforcement action in history.

“More than 4 million Virginians had their personal information compromised by Equifax’s negligence and failure to implement adequate security programs,” said Attorney General Herring. “I hope this settlement sends a message to companies nationwide that my colleagues and I will not tolerate their failure to keep consumers information protected and private. While this settlement puts Virginians who have been affected by the data breach one step closer to being made whole, consumers need to remain vigilant regarding their data, including monitoring their credit card and bank statements as well as credit reports.”

On September 7, 2017, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach affecting more than 147 million consumers – nearly half of the U.S. population, including more than 4 million Virginians. Breached information included social security numbers, names, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.

Shortly after the breach, a coalition that grew to 50 attorneys general launched a multi-state investigation into the breach. The investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.

Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million—with $300 million dedicated to consumer redress. If the $300 million is exhausted, the Fund can increase by up to an additional $125 million. The company will also offer affected consumers extended credit-monitoring services for a total of 10 years.

Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including, but not limited to, terms:
• making it easier for consumers to freeze and thaw their credit;
• making it easier for consumers to dispute inaccurate information in credit reports; and
• requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.

Additionally, Equifax has agreed to strengthen its security practices going forward, including:
• reorganizing its data security team;
• minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
• performing regular security monitoring, logging and testing;
• employing improved access control and account management tools;
• reorganizing and segmenting its network; and
• reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.

Consumers who are eligible for redress will be required to submit claims online or by mail. Paper claims forms can also be requested over the phone. Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of this online registry, consumers can sign up at www.ftc.gov/equifax-data-breach. Consumers can also call the settlement administrator at 1-833-759-2982 for more information. The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau.

In addition to Virginia, other attorneys general participating in this settlement include Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Washington, Wisconsin, Wyoming, and the District of Columbia. Also joining are Texas, West Virginia, and the Commonwealth of Puerto Rico.

Front Royal, VA
73°
Cloudy
5:54 am8:41 pm EDT
Feels like: 73°F
Wind: 1mph WSW
Humidity: 97%
Pressure: 29.97"Hg
UV index: 0
WedThuFri
81°F / 70°F
84°F / 70°F
86°F / 70°F
Health2 hours ago

Weight-Loss Drug Also Shows Promise for Knee Pain

National News16 hours ago

US Labor Market Weakened in June

Community Events17 hours ago

St. John’s Drama Presents Summer Production of “The Phantom Tollbooth”

State News23 hours ago

Affordability, Jobs, Election Integrity Take Center Stage in Virginia’s 7th Congressional District Race

State News23 hours ago

State Budget Extends Virginia Higher Education Displacement Commission Funding for Two Years

National News23 hours ago

PJM Gets Green Light to Push Data Centers Onto Back-Up Power During Heat Wave

National News23 hours ago

America’s 250th Birthday Celebrated, Despite Extreme Heat, Canceled Events

Interesting Things to Know1 day ago

Ocean Ships at the Front Door

Interesting Things to Know1 day ago

Solving the Lens Fogging Problem

Interesting Things to Know1 day ago

How a King Became 42,000 Bullets

Local News2 days ago

Storm Damage Closes Water Street in Front Royal

State News2 days ago

Relay for America Passes Through Leesburg Carrying Message of Unity Ahead of America 250

Food2 days ago

The Slab Pie: Apple Pie Built for a Picnic

Interesting Things to Know2 days ago

Can You Fund Retirement Without Stocks?

Historically Speaking3 days ago

‘From the Consent of the Governed’

Livestream - FR Cardinals3 days ago

Cardinals Host Strasburg Express Sunday, July 5 at Bing Crosby Stadium

Obituaries3 days ago

Minnie Cassandra Stribling McDaniel (1956 – 2026)

Interesting Things to Know3 days ago

The Signer Who Paid the Price

Agriculture3 days ago

Right Trees Can Make Windbreaks Stronger and Longer Lasting

Local News4 days ago

The Declaration of Independence at 250

Common Ground with Coolidge4 days ago

Coolidge’s 1926 Warning Still Echoes Nearly a Century Later

Local News4 days ago

VDOT: Warren County Traffic Alert for July 6 – 10 2026

Business Growth Series4 days ago

Business Growth Series: If You’re Not Creating Opportunities, You’re Losing Them

State News4 days ago

Virginia Launches Nation’s First Court-Ordered Speed Limiter Program for Reckless Drivers

State News4 days ago

Virginia’s Reproductive Rights Amendment Faces Legal Challenges Over Procedural Step, Language