Earn

Equifax to pay $700 million for massive data breach. Here's what you need to know about getting a cut

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia.
Tami Chappell | Reuters

Consumers who had their private information compromised in the massive 2017 Equifax data breach will be able to claim up to $20,000 for their trouble, as well as receive ongoing monitoring and fraud assistance.

On Monday, Equifax agreed to pay $700 million to settle federal and state investigations into how it handled a massive data breach that affected nearly 150 million people, about 56% of Americans.

The proposed settlement, which still needs to be approved by a judge in what's expected to be a six-month process, includes $425 million to directly help consumers affected by the breach. The restitution fund will have $300 million dedicated to consumer compensation, with an additional $125 million at the ready if the initial funds run out.

"We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement," Equifax CEO Mark Begor said in a statement. "This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident."

According to Equifax, individual consumers will be able to claim up to $20,000 for any losses or fraud caused by the breach or any out-of-pocket expenses they may have incurred, such as buying credit monitoring services or paying to freeze and unfreeze their credit reports. As part of that $20,000 restitution, consumers can submit claims for any time they had to spend dealing with data breach — $25 per hour, up to 20 hours, according to the Federal Trade Commission.

The claims process has not opened yet, but you can sign up for email notifications about the Equifax settlement from the FTC.

During a conference call Monday, a spokesperson from Equifax said that data from the 2017 breach has yet to be discovered for sale on the dark web. While that could make it more difficult for consumers to claim the total $20,000 cash payment available, Monday's settlement offers other forms of relief and ongoing help for consumers.

Consumers can claim additional services from Equifax

In addition to the cash compensation for those who can prove they directly lost time or money, all affected consumers will have the opportunity to receive at least four years of credit-monitoring services through Experian and up to an additional six more years of monitoring with Equifax. If you already have credit monitoring in place, you can request a $125 cash payment.

Starting next year, you can request up to six additional free credit reports per year from Equifax through 2027. This is in addition to the one free credit report from each credit bureau — Equifax, Experian and Transunion — that all Americans can request annually.

Additionally, the settlement allows for seven years of free assisted identity restoration service to help you fix any fraud or identity theft issues caused by the breach.

"This company's ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population," New York Attorney General Letitia James said in a statement Monday. "Now it's time for the company to do what's right and not only pay restitution to the millions of victims of their data breach, but also provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future."

Scale of Equifax breach

The Equifax data breach was one of the largest in history. The company announced the data breach in September 2017, eventually reporting that 147 million consumers were affected. Hackers were able to get access to a multitude of consumer private information, including names, Social Security numbers, dates of birth, credit card numbers and even driver's license numbers.

During the investigation into the breach, Equifax admitted the company was informed in March that hackers could exploit a vulnerability in its system, but failed to install the necessary patches.

As part of Monday's settlement agreement, Equifax will also pay $175 million in civil penalties to states, and a $100 million fine to the Consumer Financial Protection Bureau.

While the $425 million restitution fund may seem modest for a breach of this scale, affecting 147 million consumers, Chi Chi Wu, staff attorney at the National Consumer Law Center, said it does provide some "real dollars" to consumers.

"Consumers should start filing claims as soon as they start being accepted — the more claims, the more Equifax pays, and the amount could include another $125 million if there are enough claims," she said in a statement.

Don't miss: Here's how much money hackers get for your Social Security Number and other info on the black market

Like this story? Subscribe to CNBC Make It on YouTube!

VIDEO2:5702:57
CFPB director Kathy Kraninger on the Equifax breach settlement
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia.
Tami Chappell | Reuters
make it

Stay in the loop

Sign Up

About Us

Learn More

Follow Us

CNBC.COM