Equifax Data Breaches and Settlements

Breach and Leak Report: Materials of Equifax data breach and security issues help victims avoid further privacy leaks and claim compensation; it includes accidents reports and particular cases.

Search Email/Password Breach
 Learn how to check breach in 5 minutes
 Tips about Data Breach
 By Jackson WhiteBack to Breach List  
Equifax Data Breaches and Settlements
1. Data Breaches and Security Issues
Equifax Data BreachEquifax collects information on over 800 million individual consumers and more than 88 million businesses worldwide, so any of its data security accidents will risk lots of people's private information. The company or third side has announced a series of data breaches and security intrusions in recent years, exposing personal information, including names, credit card data, and SSN (Social security Number). The list of prominent Equifax breaches is as:

A. Around Dec 2016, an internal portal was accessible to open the Internet: Motherboard reported the issue. The researcher downloaded the data of hundreds of thousands of Americans that show Equifax the vulnerabilities within its systems. Hopefully, the defect had been fixed quickly, and cyber attackers hadn't downloaded more data then.

B. March 2017 Security Breach: Equifax had been the victim of a significant breach of its computer systems in March 2017. In early March, it started to notify a small number of outsiders and banking customers about this attack. The accident was reported to victims, but Equifax didn't fix it quickly enough. The much more serious data breaches in the following months are believed through the same route.

C. May–July Breaches: It is the worst credit data leakage in history. On September 7, 2017, Equifax announced cyber identity theft, potentially impacting approximately 140+ million U.S. consumers. The other main points are:

  • the data breach happened from mid-May
  • identified on July 29, 2017
  • hired Mandiant on August 2, 2017, to internally investigate the intrusion
  • comprised data of 400,000 British residents, 20,000 Canadian residents
  • breached data: first and last name, SSN, birth date, address, driver's license
  • credit card numbers for 209,000 U.S. consumers
  • personal identifying information for 182,000 U.S. consumers
In Oct 2017, Equifax disclosed more details about the breach after two months' investigating:
  • the breach impacted 2.5 million more Americans, and the total number is 145.5 million
  • totally 15.2 million U.K. customers had their records compromised in the leakage, of which 693,665 had sensitive personal data
  • the number of drivers' licenses breached in the attack was 10-11 million.

D: 2017 exposure of Argentinian consumer data: In September 2017, a password accident occurred at an Argentinian arm of Equifax, which exposed 14K customers and 100 staff members' private data to anyone who entered "admin" as both the username and password for one online system.

E. 2017 vulnerable mobile apps On September 7, 2017, Equifax removed its official mobile apps from the Apple App Store and Google Play because of security flaws. These flaws had no matter with the early big data breach but were vulnerable owing to some parts using HTTP instead of HTTPS.

F. 2017 exposure of American salary data On October 8, 2017, The Work Number, a website operated by Equifax, exposed the salary histories of tens of thousands of U.S. companies to anyone in possession of the employee's SSN and date of birth.

G. Website dispatch malware On October 12, 2017, Equifax's website was reported to have been offering visitors malware through download, which attackers disguised as an update for Adobe Flash. (The next day, the attack was revealed to be performed by hijacking third-party analytics JavaScript from Digital River brand FireClick.) at that time, only 3 out of 65 top anti-malware products can deal with the malware; it means many victims of the malware get infected by visiting the Equifax website.

2. Settlements for Victims
Equifax Data BreachIf you doubt your private data are leaked from Equifax, no matter if you want to sue it, you should take actions to reduce the impact of the breach: the primary advice is to request a credit freeze.

Due to Equifax's bad records in data security, many lawsuits have been filed against it, especially for the breaches between May and July of 2017. One suit from the law firm Geragos & Geragos, which would be the giant class-action suit in U.S. history, would seek up to $70 billion in damages.

Of course, victims can claim ownership rights in distinctive ways. As a matter of fact, since October 2017, hundreds of victims have sued Equifax for data breaches, some winning small claims cases over $9,000, including
  • actual damages
  • future damages
  • anxiety
  • monitoring fees
  • punitive damages
2.1 Residents of the United States or Puerto Rico in 2017
On July 22, 2019, Equifax agreed to a settlement with the FTC and CFPB for U.S. and Puerto Rico residents related to data breaches from May to July 2017. The total cost of the settlement is over $500 million, including $300 million to a fund for victim compensation, $175 million to the states and territories, and $100 million in fines.

In July 2019, the FTC published details at EQUIFAX DATA BREACH SETTLEMENT, where any victim could file a claim against the compensation fund.

Am I eligible in the settlement? Here to Check if my data were breached?

If you are a class member, the settlement means:
  • a minimum of four years of free three-bureau credit monitoring offered through Experian to those covered by the deal to protect them from future identity theft;
  • those who already have a credit-monitoring service will be eligible for $125 cash payments instead;
  • Other Cash Payments;
  • Free Identity Restoration Services.
In or Out the Settlement
Suppose you are eligible for account holder covered by this settlement, but you want to sue your case separately. In that case, you can exclude yourself from the settlement by informing the Settlement Administrator to opt out.

Then you retain your rights to sue Equifax for claims related to the Data Breach separately. The deadline is November 19, 2019.

If you opt-out, you may not claim benefits under the settlement.

If you aren't opt-out, you are in the settlement automatically, but most of your rights still have deadlines. You have to claim before them.

If you do nothing, you can access Identity Restoration Services with no deadline but will not be entitled to any other benefits provided under the settlement after the deadlines.

Cash Payments up to $20,000
If you are an eligible account holder in the settlement, your core rights have a deadline: January 22, 2020. If you don't file a claim before such a day, you may lose possible cash.

Those who already have a credit-monitoring service can submit a claim for a cash payment of $125. You may also be eligible for the following cash payments up to $20,000 for other items, like out-of-pocket losses and lost time suffered because of the data breaches.

It includes payment for up to 20 hours at a rate of $25 per hour, on which you spent remedying fraud, identity theft, or other misuses of your personal information caused by the data breach, or purchasing credit monitoring or freezing credit reports.

Contacts for the Settlement
For complete information and to file a claim for benefits, visit the Settlement Website, EQUIFAX DATA BREACH SETTLEMENT
  • Email: info@EquifaxBreachSettlement.com
  • website: Contact
3. Reports for Equifax Data Breach