The 2017 Equifax data theft is said to be the worst yet, a hack in which information collected by the credit-reporting agency — 147 million names and their associated social security numbers, birth dates, addresses, and driver’s license numbers — were stolen by identity thieves. Equifax must pay $425 million into a restitution fund for affected consumers and $175 million in penalties, California’s Attorney General Xavier Becerra announced on July 22. In addition to assisting customers whose information has been compromised, Equifax must reduce its storage of social security numbers, not profit from the stolen information, and improve its security program.
Equifax collects information from banks, credit card companies, employers, landlords, and others to give lenders a detailed credit history on individuals, according to EPIC, the Electronic Privacy Information Center. In March 2017, the federal Homeland Security agency notified the three major credit-reporting companies — Equifax, Experian, and TransUnion — that their software maker had identified a vulnerability. Thieves struck Equifax in May, June, and July, which is when Equifax patched its software; it did not announce the thefts until September. The affected consumers included 10 million in California, as well as thousands in the U.K. and Canada. The settlement was reached by 48 states, D.C., Puerto Rico, the Federal Trade Commission, the Consumer Financial Protection Bureau, and private individuals in a class action suit.
By the terms of the settlement, consumers may file a claim to be reimbursed for fighting or recovering from the Equifax data theft, and for future credit monitoring. Consumers can go to equifaxbreachsettlement.com or call the settlement administrator at (833) 759-2982 for more information.