California claimants in Equifax deal could reach 15 million.
Settlement worth nearly $700 million is in response to a 2017 data breach
Millions of Californians who had their Social Security numbers, home addresses and other personal information exposed in a 2017 security breach at Equifax are eligible to file for a piece of a settlement worth up to $700 million reached between the credit reporting and the federal government.
California Attorney General Xavier Becerra announced Monday that 15 million Californians are eligible to receive some of the approximately $18.7 million that the state will get as part of the deal between Atlanta-based Equifax and the Federal Trade Commission that was unveiled late Sunday.
“We need to put confidence back into the word confidential,” Becerra said, at a press conference in Sacramento. “That’s why we’re holding Equifax accountable today.”
Becerra said the Equifax hack was one of the most devastating data breaches in United States history, exposing the personal information of more than 147 million consumers. Along with TransUnion and Experian, Equifax is one of three national companies that collect, store and report credit information on American consumers.
“The really critical part of this settlement is that you’re talking about a credit bureau,” he said. “Try to apply for a job or a credit card without someone seeing your credit, you can’t. You have to know that when you give up
it’s for a good reason. And we should have the confidence that our private information should be maintained.”
Under the settlement, which is pending court approval, Equifax will establish a $300 million fund, pay $175 million in fines to individual states, and pay an additional $100 million fine to the Consumer Financial Protection Board. The settlement would also require the company to pay an additional $125 million into the consumer restitution fund if needed.
The FTC said that consumers can apply to reclaim up to $20,000, if they can provide receipts for what they spent on credit reports, account freezes and account monitoring as a result of the Equifax breach. Individuals who paid third-party credit monitoring services can up to $125 in reimbursement from the settlement. The FTC said consumers can also be paid back $25 an hour for up to 20 hours for time they spent dealing with the matter, and can selfcertify up to 10 of those hours.
“It is very difficult to trace specific identity theft back to a specific breach,” Maneesha Mithal of the FTC said during a news conference in Washington. “Even for consumers who have not necessarily suffered out-of-pocket losses, it can be a real burden and a hassle… to unravel the identity theft.”
Affected consumers will be eligible for free credit monitoring for up to 10 years and identitytheft restoration services, Mithal said.
The FTC has set up a site for consumers to find more information about the settlement.
The deal stems from Equifax’s 2017 disclosure that hackers had used a flaw in the company’s security systems to obtain consumers’ private information, including names, Social Security numbers, birth dates, driver’s license numbers and home addresses. The federal government said that hackers had access to the Equifax data for more than two months, and that the company did not disclose the breach until six weeks after learning of the matter. The incident led to the resignations of then-chief executive Richard Smith and several other Equifax executives.
“Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers,” FTC Chairman Joe Simons said in a statement. The settlement, Simons added, will “ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Bay Area News Group reporter Levi Sumagaysay contributed to this report.