Subscribe to Our Newsletter
State of California Department of Justice
Rob Bonta
Attorney General
Attorney General
Settlement Requires Increased Consumer Assistance and Ten Years of Free Credit Monitoring
SACRAMENTO – California Attorney General Xavier Becerra today announced a nationwide settlement against Equifax resolving allegations that the credit reporting agency improperly exposed the personal information of 147 million consumers, including 15 million Californians, after a massive data breach in 2017. The breach occurred after Equifax failed to apply a critical software fix and implement security measures that would have protected and encrypted consumers’ data. Data exposed by the breach included names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers. Equifax did not disclose the breach, which lasted from mid-May through July 2017, until September 2017. The settlement requires Equifax to pay up to $425 million into a restitution fund for affected consumers, pay another $175 million to states in penalties, and offer additional benefits like credit monitoring and consumer assistance for eligible consumers. In addition to other robust injunctive terms, Equifax must implement and maintain critical data security enhancements.
“On top of holding Equifax accountable for one of the most devastating data breaches to face our nation, we have now recovered hundreds of millions of dollars to help our families who fell victim. Equifax, one of only three major credit reporting agencies, had a responsibility to secure and protect Americans' data. Instead, it breached public trust,” said Attorney General Becerra. “Our credit status impacts nearly every aspect of our lives – from purchasing a home or a car to finding a job. The same Americans who had to immediately protect themselves from fraudsters or identify thieves will have to be vigilant for the rest of their lives. We encourage every eligible person to apply for the relief they are entitled to as part of our settlement.”
Affected consumers may get more information about the $425 million restitution fund by going to www.equifaxbreachsettlement.com or calling the settlement administrator at 1-833-759-2982. Eligible consumers may receive cash reimbursement for time or money spent trying to avoid or recover from fraud or identity theft because of the breach, as well as limited reimbursement for payments for Equifax credit monitoring or identity theft protection subscriptions. Eligible consumers may also receive free credit monitoring services for a period of up to ten years, or, alternatively, a cash payment for buying a different credit monitoring service.
This settlement is a result of collaborative efforts by a multistate coalition led by Attorney General Becerra. This settlement is also related to the settlements announced today by the Federal Trade Commission, the Consumer Financial Protection Bureau, and private litigants as part of a class action lawsuit. In addition to the restitution and credit monitoring provided by the settlement, Equifax will pay $175 million in penalties to the states, including more than $18.7 million to California, to support continued oversight and enforcement of consumer protection laws.
As part of the injunctive terms of the settlement, Equifax agrees to:
In addition to Attorney General Becerra, other Attorneys General participating in this settlement include Alabama, Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, Wisconsin, Wyoming, and the District of Columbia. Also joining are Texas, West Virginia and the Commonwealth of Puerto Rico.
A copy of the complaint can be found here. The final approved judgment can be found here.