RSS   Newsletter   Contact   Advertise with us

Michigan receives $4,639,248 as a result of AG settlement with Equifax

Christian Fernsby ▼ | September 19, 2019
The Michigan Department of Attorney General has announced that a settlement with Equifax that was to bring $4,639,247.70 into Michigan’s general fund was received by the Department of Treasury.
Equifax
America   Equifax
The 50-state settlement, announced in July, is the result of Equifax’s massive 2017 data breach and is the largest data breach enforcement action in history.

Topics: Michigan Equifax settlement

Two years ago, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach affecting more than 147 million consumers.

Fifty attorneys general launched an investigation into the breach that determined it occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information including social security numbers, dates of birth, addresses, credit card numbers and, in some cases, driver’s license numbers.

Equifax knew about a critical vulnerability in its software but failed to address it.

Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million—with $300 million dedicated to consumer redress.

If the $300 million is exhausted, the Fund can increase by up to an additional $125 million.

The company will also offer affected consumers extended credit-monitoring services for a total of 10 years.

Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including, but not limited to:

- making it easier for consumers to freeze and thaw their credit;

- making it easier for consumers to dispute inaccurate information in credit reports; and

- requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.

Equifax also agreed to strengthen its security practices going forward, including:

- reorganizing its data security team;

- minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;

- performing regular security monitoring, logging and testing;

- employing improved access control and account management tools;

- reorganizing and segmenting its network; and

- reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.


 

MORE INSIDE POST