Consumer credit reporting agency, Equifax, Inc. recently agreed to settle class action claims that it failed to protect consumers’ data, resulting in a massive security breach. This breach exposed 147 million Americans’ personal information to potential theft and exploitation.
According to an unopposed motion for preliminary approval filed in the Northern District of Georgia, the proposed settlement provides for a $5.5 million fund for class member claims. It also requires Equifax to spend at least $25 million over the next two years to enhance its data security, as well as to pay fees and costs arising from the action.
Settling Initial Claims Against Equifax
In September 2017, Equifax, Inc. announced it had suffered a data breach. The breach, which impacted 147 million customers, spurred swift legal action from concerned individuals and government agencies, alike. In January 2020, Equifax agreed to a global settlement of $575 million with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories to compensate those harmed by the breach. Under the settlement terms, Equifax agreed to contribute up to $425 million to individuals for various losses caused by the leak of personal data. The company also offered free credit monitoring to affected individuals. This compensation pool, however, was recently appealed, leaving individual payouts in a holding pattern.
Banking Class Action
While the first settlement addressed the data breach effects on the 147 million customers, it fell short for banks and other financial institutions that weathered the tangential impacts. In the wake of the breach, many financial organizations were left scrambling to cancel and reissue millions of credit and debit cards that were compromised in the breach. These financial companies deemed this to be compensable and brought these claims against Equifax in the form of a class action complaint.
Potential members of the class include all financial institutions who issued debit or credit cards that were affected by the breach. Actual membership, however, will ultimately be opt-in. Financial institutions that chose to include themselves in the class would, in turn, agree to release Equifax from any other potential claims. This includes claims related to the data breach itself, to fraud or improper use of the issued debit and credit cards, or “damage to the financial services ‘ecosystem’ as alleged in the complaint.”
The Proposed Settlement
The settlement outlines a $5.5 million fund out of which Equifax will compensate class members. Equifax would also be required to spend a minimum of $25 million over two years to improve its data security. Specifically, the company must focus on implementing industry-accepted cybersecurity standards that apply to Equifax’s systems and needs. As part of this cybersecurity requirement, Equifax would also be obligated to submit annual certifications to the attorneys for the class, stating that Equifax is complying with the terms of the agreement.
The proposed settlement also states that Equifax will pay up to $2 million in attorneys’ fees and up to $250,000 for litigation costs and expenses, should the court approve of these payments. The court is expected to rule on the proposed motion shortly. If approved, this settlement is just another drop in the bucket for Equifax’s breach reparations.
Expert Witness Specialty Index
Need to speak with an expert on the Equifax breach?
Explore a sample of our expert network.
E-417855
Consumer Credit Expert Witness | Georgia
E-428715
Credit Risk and Credit-Related Functions Expert Witness | Pennsylvania
E-564886
Credit Card Programs Expert Witness | Ohio
E-504526
Consumer Credit and Credit Cards Expert Witness | Colorado
E-155043
Commercial Credit and Collections Expert Witness | Washington
E-006455