Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging to some 147 million Americans, under the terms of a settlement approved by a federal judge.
A court in the Northern District of Georgia on Monday approved an agreement covering the roughly 147 million people whose information was compromised when hackers spent May 2017 through July 2017 lurking in Equifax’s system. Equifax had failed to fix a known vulnerability, resulting in the theft of information about many Americans who never signed up with the credit monitoring service. A House Oversight committee in October 2018 said the incident was “entirely preventable.”
Under the terms of the settlement, Equifax will deposit the $380.5 million into a fund where members of the class action suit can withdraw up to $20,000, if they can prove out-of-pocket losses. Equifax may also be required to add $125 million for additional out-of-pocket claims, and spend at least $1 billion on improving its data protection capabilities.
The deadline to apply for a share of the settlement is Jan. 22. To apply, those impacted must follow a series of instructions on EquifaxBreachSettlement.com, where it’s also possible to determine individual eligibility. The public response to the settlement has been “overwhelming,” the U.S. Federal Trade Commission said.
Members of the class action claim also will receive up to 10 years of credit monitoring, or financial compensation if they already have credit monitoring in place.
The judge’s decision Monday represents the final approval of a settlement deal initially proposed in July, in which both sides pegged minimum Equifax’s costs at roughly $1.38 billion. The company may also need to spend an additional $2 billion, depending on the number of credit monitoring claims.
Attorneys in the case are slated to receive $77.5 million, plus $2,500 for each settlement class representative, topping out at $250,000.