SALT LAKE CITY — Utah consumers could be in line for reimbursements under a nationwide settlement with Equifax after a 2017 data breach of the credit monitoring company.
More than 147 million Americans, including 1.2 million Utahns, were impacted by the massive breach. Equifax will pay more than $600 million to settle state class-action lawsuits and Federal Trade Commission investigations. Utah joined a coaltion of states that launched an investigation into the company.
“I’m pleased Equifax will take serious steps to protect and reimburse consumers, even if it comes only after one of the worst lapses of consumer data protection in our history,” said Utah Attorney General Sean Reyes.
Reyes said just the fear and uncertainty alone from the breach victimizes those whose data was compromised. Breached information included Social Security numbers, names, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.
“I’m hopeful this offers some measure of relief to Utahns whose lives have been disrupted or even more significantly damaged," he said.
Reyes urged Utahns affected by the breach to take advantage of Equifax’s agreement to pay for credit monitoring, identity theft protection and other measures and reimbursements.
The settlement includes up to $425 million to help people affected by the data breach. Claims information may be found at www.ftc.gov/equifax-data-breach.
Equifax also agreed to pay the states a total of $175 million, including just over $1.4 million for Utah.
Consumers may be eligible for payments of up to $20,000 for time they spent remedying fraud or misuse of personal information or out-of-pocket losses. But CNBC reported that it mightbe difficult for them to collect.
Equifax CEO Mark Begor said several times on a conference call Monday that data connected with the breach has never been found for sale on the darknet. Instead, intelligence experts and security executives have told CNBC that the information was likely stolen by a foreign intelligence agency for spying purposes.
That means proving data was misused as a result of the breach will be a difficult fight, according to CNBC.
Equifax has also agreed to take steps to help consumers who are either facing identity theft issues or who have already had their identities stolen by making it easier to freeze and thaw credit and dispute inaccurate information in credit reports.
A multistate investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ sensitive personal information. Despite knowing about a critical vulnerability in its software, the company failed to fully patch its systems.
Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated its system and went unnoticed for 76 days.