Atlanta based Equifax has announced a $671 million settlement as a result of a data breach in 2017. Nearly 150 million Americans had their information exposed.
Caption

Atlanta based Equifax has announced a $671 million settlement as a result of a data breach in 2017. Nearly 150 million Americans had their information exposed. / AP

Atlanta based Equifax announced a $671 million settlement Monday as a result of the 2017 data breach.

According to the Federal Trade Commission, 147 million Americans had their personal information exposed in a data breach, including social security and credit card numbers.

The credit bureau has agreed to set aside $425 million in restitution for customers who may be affected.

"I think it reflects the seriousness that we took this matter and our commitment to supporting consumers,” CEO Mark Begor said. “To date we haven't seen any instances of our data that was stolen being sold or any increases in identity theft."

Begor said the company continues to monitor the dark web for any instances of this happening.

The settlement still needs court approval which he said he expects to happen in about six months.

As part of the settlement, Equifax is offering up to a decade of free credit monitoring or $125 if you choose not to enroll in the service. Cash payments as part of the settlement are capped at $20,000 per person.

Also, starting in 2020, consumers can get six free credit reports a year from Equifax for the next seven years.

The company also agreed to pay $290.5 million to federal and state agencies to cover attorney fees and costs.

Georgia Attorney General Chris Carr called the settlement “fair and appropriate.”

“As I stated at the beginning of this investigation, our primary responsibility is to protect the consumers of Georgia, millions of whom, through no fault of their own, had their personal information compromised in this data breach,” Carr said in a press release.

However, some consumer advocacy groups said the deal did not go far enough.

“The shelf life of financial DNA is forever so this sounds like a sweetheart deal for a company that failed to do its basic job: protect consumer data,” US PIRG said in a statement.

The data breach settlement is the largest of its kind.