July 22, 2019 — Press Release

FOR IMMEDIATE RELEASE: July 22, 2019

Boston – Today, class action attorneys, federal regulators (Federal Trade Commission and Consumer Financial Protection Bureau (CFPB), and state Attorneys General reached a settlement with Equifax regarding its data breach that affected 147 million consumers. The final settlement includes a $175 million civil penalty to states, $100 million civil penalty to the CFPB, and a restitution fund for consumers, starting with $380.5 million and up to $505.5 million in total, with a cap of $20,000 per consumer. Details on applying for reimbursement, once finalized, will be available at https://www.equifaxbreachsettlement.com.

Chi Chi Wu, staff attorney at National Consumer Law Center issued the following statement in response to the announcement of the joint government and private settlement with Equifax over its 2017 data breach.

“We appreciate the work of class action counsel, the Federal Trade Commission, Consumer Financial Protection Bureau, and state Attorneys General in reaching this settlement. The $380.5 million restitution fund seems modest for a breach of this scale, affecting 147 million consumers, but it does provide some real dollars to consumers for time and out-of-pocket expenses. Consumers should start filing claims as soon as they start being accepted – the more claims, the more Equifax pays, and the amount could include another $125 million if there are enough claims.

“One huge concern is the long term consequences of the Equifax breach. The settlement provides some compensation right now, but the risk of identity theft is forever because our stolen Social Security numbers can be traded by hackers in perpetuity. The time period to file a claim, at most, is four years. What happens if a consumer is the victim of ID theft in the fifth year resulting from the breach, which costs the consumer tens of thousands of dollars?

“The provisions of the settlement requiring better data security measures are a start. But they should be applied to all the credit bureaus as well as other huge consumer reporting agencies that have tons of personal and sensitive data on us. Equifax’s competitors could be the target for the next big breach, if they aren’t already. The FTC has proposed some of these same requirements as part of its revision of the Safeguards rule, but two of the Commissioners oppose the changes which would help protect consumers.

“Much of the monetary relief focuses on credit monitoring, which is of limited effectiveness in preventing identity theft. Ironically, much of the funds for credit monitoring will go into the pockets of another credit bureau, Experian. Congress has already made free the single most effective measure to prevent identity theft – a security freeze. Consumers affected by the Equifax breach should just freeze their credit reports if they are concerned about identity theft.”

Support NCLC

Please support NCLC's work to advance consumer rights and economic justice with a tax-deductible contribution today!

Donate