Equifax to pay out $1.4 billion for data breach
The deal largely resolves the legal fallout from consumers whose personal and financial data was hacked following one of the nation’s largest data breaches.
Equifax has agreed to pay at least $1.4 billion to settle multidistrict litigation brought on behalf of 147 million consumers, and pay millions more to resolve civil complaints brought by the federal government and multiple state attorneys general over its massive 2017 data breach.
Monday’s notice of the proposed settlement, detailed in court papers filed in Atlanta, would largely resolve the legal fallout from consumers whose personal and financial data was hacked following one of the nation’s largest data breaches.
Related: One year later: The influence of Equifax & other data breaches on corporate culture
The civil settlement—which Equifax counsel and lawyers representing the consumer class were expected to announce at a hearing in U.S. District Court in Atlanta Monday morning—includes a commitment by the credit bureau to spend $1 billion on cybersecurity measures over the next five years and establish a $380.5 million fund to pay for four years of credit monitoring and financial help, where needed, in resolving identity theft issues for victimized consumers.
The fund would also reimburse consumers for expenses incurred in securing their personal information or repairing stolen identities after Equifax belatedly acknowledged the breach, according to the settlement terms.
Equifax also committed to expand the fund by at least another $125 million for excess out-of-pocket losses by consumers and, potentially make available as much as $2 billion more if all 147 million consumers sign on, according to the terms.The plaintiff consumers’ notice of settlement stated the retail value of the credit services alone would exceed $282 billion, or $1,920 per consumer, if all 147 million class members take advantage of Equifax’s settlement offer.
The plaintiff consumers’ notice of settlement stated the retail value of the credit services alone would exceed $282 billion, or $1,920 per consumer, if all 147 million class members take advantage of Equifax’s settlement offer. Equifax will not benefit from the credit protection services, which will be handled by Ireland-based consumer reporting agency Experian, according to the settlement terms.
Attorneys for the consumer class who negotiated the deal will receive about $77.5 million from the fund, according to the settlement agreement.
Retired U.S. District Judge Layn Phillips of the Western District of Oklahoma mediated the settlement agreement. Phillips is the founder of Phillips ADR Enterprises in California.
The consumer class settlement also includes provisions for an innovative, massive publicity campaign that will incorporate tools used in modern commercial and political advertising to reach class members through radio, print, mail, email and social media about their eligibility to file claims, and gives them an extended time frame for doing so.
Equifax and counsel for the consumer class reached a binding settlement agreement in March, according to settlement documents. Equifax then shared the terms with federal regulators and state attorneys general, according to the documents. Plaintiffs’ lawyers agreed to consider suggested alterations to the deal but were not bound to accept any changes regulators proposed before reaching their own separate deals with Equifax. All consumer remuneration and benefits will be administered through the Atlanta class action settlement, according to the settlement terms.
Separate civil settlements with the Consumer Financial Protection Bureau, the Federal Trade Commission, and 50 state attorneys general total $225 million, according to New York Attorney General Letitia James, including $50 million for the CFPB and $175 million in fines to be distributed to the states. New York will receive more than $9 million, she said.
The New York State Department of Financial Services also separately investigated Equifax’s security practices, and fined the company an additional $10 million for violating the federal Dodd-Franks Act and New York financial services laws, James said.
Equifax will pay an additional $50 million to the Consumer Financial protection Bureau and $175 million to the 50 states in fines, according to statements from several state attorneys general.
Shortly after Equifax went public about the breach in September 2017, a number of state attorneys general signed a letter to the company’s lawyers expressing “profound concerns” about its delay in notifying the public of the breach, and its decision to continue to charge consumers for its own credit-monitoring services or for placing security freezes on their credit reports.
A team of King & Spalding attorneys led by partners Phyllis Sumner and David Balser represent Equifax. They negotiated the deal after U.S. District Chief Judge Thomas Thrash refused to dismiss the multidistrict litigation last January. Last December, the U.S. House of Representatives Committee on Oversight and Government Reform released a report concluding the data breach was preventable.
Attorneys representing dozens of plaintiffs on behalf of the consumer class whose data was exposed included consumer plaintiffs’ lead counsel Ken Canfield of Atlanta’s Doffermyre Shields Canfield & Knowles; Norman Siegel of Kansas City’s Stueve Siegel and Amy Keller of Chicago’s DiCello Levitt. Former Georgia Gov. Roy Barnes of The Barnes Law Group in Marietta, and David Worley, a partner at Atlanta’s Evangelista Worley serve as liaison counsel.
The steering committee includes Andrew Friedman of Washington’s Cohen Milstein Sellers & Toll; Eric Gibbs of Girard Gibbs in Oakland, California; James Pizzirusso of Hausfeld in Washington; Ariana Tadler of New York’s Milberg Tadler Phillips Grossman; John Yanchunis of Morgan & Morgan in Tampa; William Murphy III of Murphy, Falcon & Murphy of Baltimore, and Marietta attorney Jason Doss.
Thrash is also presiding over a separate group of lawsuits filed against Equifax by a number of financial institutions that issued debit or credit cards to consumers whose personal information was compromised and then were faced with helping customers clean up the resulting mess.
Benefits available to class members include:
- Compensation of up to 20 hours at $25 an hour — including as much as 10 hours that can be self-certified with no documentation—for time spent taking preventative measures or dealing with identity theft.
- Reimbursement of up to $20,000 for documented losses traceable to the breach, including the cost of freezing or unfreezing credit files, buying credit monitoring services, out-of-pocket losses from identity theft or fraud, and professional fees associated with identity theft.
- A 25 percent refund to customers who bought credit monitoring or identity theft protection subscriptions from Equifax the year before the breach.
- Four years of three-bureau credit monitoring and identity protection services through Experian, a $1200 value, and an additional six years of one-bureau credit monitoring by Equifax, valued at $720.
- Alternative compensation of $125 for class members who already have credit monitoring or protection services in place.
- Identity restoration services through Experian to help class members for seven years who have been the victims of identity theft, including assignment of a certified identity theft restoration specialist and step-by-step assistance in dealing with credit bureaus, companies, and government agencies.
Read more: