Connecticut to collect $4.8M in Equifax breach

Connecticut Attorney General William Tong. Connecticut Attorney General William Tong. Photo: Cathy Zuraw / Hearst Connecticut Media Buy photo Photo: Cathy Zuraw / Hearst Connecticut Media Image 1 of / 1 Caption Close Connecticut to collect $4.8M in Equifax breach 1 / 1 Back to Gallery

Equifax will pay $4.8 million to the state of Connecticut and residents as part of a national settlement totaling some $700 million, after identity thieves siphoned off two years ago the personal information of hundreds of millions of people.

It is the largest penalty in U.S. history for a data breach, with the settlement including a consumer restitution fund of up to $425 million. More than 1.5 million Connecticut residents had their personal information exposed in the Equifax hack, of more than 147 million people nationally.

Equifax waited several weeks after discovering the breach before alerting the general public in September 2017, with identity thieves having infiltrated its systems months earlier. Mark Begor replaced Richard Smith as CEO, with both men former executives of General Electric.

Attorneys general in states nationally, including Connecticut AG William Tong and his predecessor George Jepsen, determined that Equifax was aware of a vulnerability in its software but failed to adequately implement a patch, and that it failed to maintain software to monitor the network that was breached.

“I think that a close to $700 million settlement sends a very, very strong message not just to Equifax … but to companies and organizations anywhere that receive and keep personal and financial information: that they need to take very serious care of it,” Tong told Hearst Connecticut Media on Monday. “That said, there’s nobody with a greater responsibility — at least in the private sector — than the ... credit reporting agencies.”

In addition to cash remuneration to affected consumers, Equifax will extend free credit monitoring services to 10 years.

In a company press release, Begor was quoted stating that the consumer fund “reflects the seriousness with which we take this matter” and that the company has been investing in $1.3 billion in improvements for security and technology.

“Our house is in order — meaning, our technology is sound, it works,” Begor said during a mid-May conference call with investment analysts. “We’re taking advantage of our big investment in security to really transform our technology, and the dialogues (with corporate) customers is really quite positive. They look at it (as), ‘well, this is the partner I want to be with, if they’re going to make this kind of investment in their technology.’”

Equifax had already set aside $690 million in anticipation of the settlement, with the company reporting resulting a $555 million loss in the first quarter of this year after recording profits of $472 million in the five prior full financial quarters since the revelation of the hack. In the first quarter of 2018, Equifax received $35 million under an insurance policy that covered a portion of the costs.

The company indicated it will pay $291 million directly to states, the Federal Trade Commission and other entities, and that it will cover their legal fees as well. Equifax is maintaining another $125 million in reserve to cover any additional and unanticipated consumer payments.

Equifax stated it will notify consumers of steps to collect once obtaining a judge’s approval for the settlement, with consumers able to get updates from the FTC via email, with signup online at www.ftc.gov/equifax-data-breach and information available via phone as well at 1-833-759-2982.

Alex.Soule@scni.com; 203-842-2545; @casoulman