Equifax Data Breach: Ohio Agrees To Settlement

Ohio and 46 other states have agreed to a settlement with Equifax following an investigation into one of the largest data breaches in U.S. history.

“Today’s constant threat of cybercrime leaves no room for stewards of the public’s data to ignore security flaws,” Ohio Attorney General Dave Yost said. “Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses. A swift response could have prevented this whole ordeal.”

On September 7, 2017, Equifax announced a data breach of its system — a breach that impacted 147 million Americans, more than half of the nation's population, Yost said. The breached information included Social Security numbers, names, dates of birth, addresses and, in some cases, credit card and driver's license numbers.

After the breach was announced, a 47-state investigation, partly led by Ohio, was launched. The team determined that Equifax failed to implement proper cyber security and didn't update months-old software, the Federal Trade Commission and attorneys general said. The team of attorneys general added that the breach went unnoticed for 76 days.

As part of the settlement, $425 million will go to a consumer restitution fund and $125 million will be paid out to states. At least $7.14 million will be directed to Ohio, Yost said. Equifax is also offering consumers impacted by the breach extended credit-monitoring services for at least 10 years.

Consumers who are eligible for restitution will be required to submit their claims online or by mail. Paper claims can be requested over the phone or consumers can visit the Equifax Settlement Breach online registry to get info on the settlement, check their eligibility or file a claim.

To receive email updates regarding the launch of this online registry, consumers can sign up at www.ftc.gov/equifax-data-breach. Consumers can also call the settlement administrator at 1-833-759-2982 for more information.

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

The settlement also includes specific measures to be taken to protect consumer information. For instance, Equifax has agreed to reorganize its data security team, minimize its use of sensitive consumer data, and perform regular security monitoring, logging and testing.