ATLANTA—Equifax has settled a lawsuit with financial institutions, most of which are credit unions, following its 2017 data breach that affected more than 147 million U.S. consumers.
As CUToday.info reported here, CUNA initially filed the lawsuit and was later joined by dozens of other plaintiffs, including state leagues and individual credit unions seeking to recover costs related to reissuing cards, reimbursing members and more.
In its settlement, Equifax has agree to:
- Pay up to $5.5 million to settlement class members who submit valid claims documenting unreimbursed out-of-pocket expenses associated with the breach and fraud reimbursement amounts paid to customers between July 6 and Dec. 20, 2017
- Spend a minimum of $25 million over the next two years on relevant data security measures
- Pay settlement costs and court-approved attorneys’ fees, expenses and service awards
Earlier Settlement for $700M
In 2019, the CFPB, Federal Trade Commission and 48 states, the District of Columbia and Puerto Rico announced a $700 million settlement with Equifax for the 2017 data breach.
In its complaint, the CFPB alleged Equifax engaged in "unfair and deceptive practices in violation of the Consumer Financial Protection Act of 2010" by:
- Failing to provide reasonable security for the sensitive personal information stored within its computer network
- Deceiving consumers about the strength of its data security program in privacy policies
- Engaging in acts and practices that caused additional harm or risk of harm to consumers in response to the breach