Equifax to pay $380.5 million in data breach settlement in the US

Equifax settles class-action lawsuit over 2017 data breach that spilt personal data of 147 million Americans (and more than 15.2 million Brits)

Equifax has agreed to pay $380.5 million to settle a class-action lawsuit in the US over its 2017 data breach. The agreement finalises the terms of its settlement with the US Federal Trade Commission (FTC), announced in July 2019.

The total compensation package is expected to cost Equifax as much as $700 million. Affected Americans - around 60 per cent of the adult population - can claim up to $20,000 in compensation each. The website set-up to handle claims, www.EquifaxBreachSettlement.com, can also determine eligibility.

However, applicants only have until 22^nd January 2020 to file their claim and the conditions are somewhat onerous.

Individuals can also claim up to ten years of free credit monitoring, including four years from Experian and TransUnion, as well as from Equifax, who will be obliged to provide a further six years of credit monitoring. Minors as of May 2017 will be able to claim 18 years of free credit monitoring.

The settlement was approved by a court in the Northern District of Georgia on Monday.

The total cost of the settlement for Equifax has been estimated at just under $1.4 billion, with the costs of providing free credit monitoring potentially costing the company as much as $2 billion on top of that, depending on how many people take it up.

However, the compensation comes with several caveats that will almost certainly restrict Equifax's exposure.

Applicants need to show losses from unauthorised charges to accounts, the cost of freezing and unfreezing their credit reports, the cost of credit monitoring, fees paid to accountants and/or lawyers and any other expenses.

People claiming for time spent dealing with the consequences of the breach can claim $25 per hour for up to 20 hours (ie: $500) but, again, must "describe the actions" they took and the time spent. This portion of the compensation is capped, so claims may be reduced, the FTC warns.

The breach compromised the records of up to 147 million consumers, including as many as 15.2 million UK consumers. The company had originally said that just 400,000 Brits were caught up in the security breach.