The settlement with Equifax is the largest in U.S. history, according to Ohio’s attorney general office, which was part of negotiations following the hack that exposed sensitive information of more than 148 million people.
“Early on, other experts were indicating that this could be something that one year, two, three years down the road, this information may be used,” said Shawn Waldman, CEO and founder of Miamisburg-based Secure Cyber Defense. “There was so much information made available to (the hackers), it could take a long time for this to really get sorted out through the dark web and through the other criminal channels.”
A coalition of state attorneys general found that Equifax failed “to maintain reasonable security systems,” allowing hackers to breach the data, according to a statement from Ohio Attorney General Dave Yost’s office. Breached data included Social Security numbers, names, dates of birth and addresses, along with credit card and driver’s license numbers in some cases.
“Today’s constant threat of cybercrime leaves no room for stewards of the public’s data to ignore security flaws,” Yost said. “Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses. A swift response could have prevented this whole ordeal.”
»PHOTOS: Downtown “smart home” with $35K in electronics on market
The settlement includes up to $425 million to a consumer restitution fund. The money can be used to reimburse time and money those impacted spend to protect themselves from threats resulting from the breaches.
“We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program,” said Equifax CEO Mark Begor.
Ohio will receive at least $7.14 million as part of a $175 million payment to states involved. Equifax will also be required to pay a $100 million penalty to the Consumer Financial Protection Bureau, according to a release from CFPB.
Affected consumers can also get extended credit-monitoring services for at least 10 years from Equifax, something Waldman said is the most important for impacted consumers.
“Your Social Security number is your Social Security number. There’s no changing that,” Waldman said. “Don’t let your guard down because that’s what they want you to do.”
Consumers can also monitor banks and other financial connections closely, set up credit card and bank transaction notifications and freeze credit so nobody else can’t use their information to take out loans or open accounts.
Consumers eligible for restitution can submit claims online or by mail. They can also call a settlement administrator at 1-833-759-2982 for more information.
»RELATED: Premier Health patient information may have been compromised
Equifax first announced its data breach on Sept. 7, 2017, after it went unnoticed for 76 days, the 47-state investigation found. In addition to to failing to have an adequate security program, Equifax didn’t replace software that monitored the breached network for suspicious activity, according to Yost’s statement.
As part of the settlement, Equifax will take additional measures to better protect consumers’ information in the future, according to the release.
These include: making it easier to freeze and thaw credit, making it easier for consumers to dispute inaccurate information on credit reports, maintaining sufficient staff to assist consumers who may be victims of identity theft, strengthening its security practices, reorganizing its data security team, minimizing its collection of sensitive data and the use of consumers’ Social Security numbers and performing regular security monitoring.
“For a credit bureau to be compromised, that was a pretty good breach of trust,” Waldman said. “The larger you are, the more valuable the information, the more you’re going to be a target and the more you’ve got to up your game from a cyber security perspective.”
FIVE FAST READS
• Student debt still higher in Ohio than many other states
• Area Kohl’s stores launch free Amazon returns
• Back-to-school shopping begins early as schools prepare for openings
• Dorothy Lane opening Killer Brownie manufacturing facility
• Farmers expect major crop yield losses after record planting delays
Tips for affected consumers include:
• Check your credit report. Monitoring your credit report can help identify signs of potential identity theft. You are entitled to one free credit report per year from each of the three major credit reporting agencies. Visit www.AnnualCreditReport.com to access those reports. You can pull all three at once, or you can stagger pulling your reports throughout the year.
• Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies — Experian, Equifax, or TransUnion — to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.
• Consider placing a security freeze on your credit report. A security freeze essentially puts a lock on your credit so that most third parties can’t access your report. This helps protect you from unauthorized accounts being opened in your name. In Ohio, security freezes are permanent until you lift them. You can be charged a $5 fee per credit reporting agency to place or remove a freeze. Contact each credit reporting agency separately to place a freeze.
• Beware of scams related to the breach. Con artists may pretend to have information about the breach or they may falsely claim to want to help you. Some calls or messages may be scams designed to steal your money or personal information. Don’t give out personal information to those who contact you unexpectedly (even if they say they want to help you) and be wary about clicking on links or downloading attachments in messages.
• Monitor your bank accounts. Look for suspicious activity. If you find errors, immediately notify your bank or credit provider.
• When it’s tax season, consider filing early. File your taxes as soon as you have all of the information necessary to file so that there is less of a chance for someone to fraudulently file on your behalf. This is especially important if you know your information has been compromised.
Source: Ohio Attorney General