ATLANTA — Georgia Attorney General Chris Carr said he was pleased with his office’s “significant role” in the announcement of a $600 million settlement with Atlanta-based Equifax over a massive 2017 data breach.
A coalition of 50 attorneys general reached the settlement, Carr’s office said in a statement on Monday.
More than $7 million of a lump payment to the states and territories represented in the coalition will go to Georgia.
The statement said Georgia “played a leading role in this investigation” into Equifax’s failures in the data breach, which exposed the personal information of a staggering 56 percent of all American adults. It was considered the largest-ever data breach of consumer data, and the settlement was described by Carr’s office as the largest-ever data breach enforcement action.
“As I stated at the beginning of this investigation, our primary responsibility is to protect the consumers of Georgia, millions of whom, through no fault of their own, had their personal information compromised in this data breach,” Carr said. “I am pleased that our office played a significant role in this investigation, obtaining a fair and appropriate settlement, ensuring substantial consumer relief and requiring the implementation of robust security measures to protect against future exposure of consumers’ private data.”
The settlement includes a fund for consumers who were affected by the breach of up to $425 million and another $175 million payment to states. According to Carr’s release, $300 million of the $425 million restitution fund is dedicated to consumer redress. If that runs out, another $125 million can be added to the fund.
Equifax, described as one of the largest consumer reporting agencies in the world, exposed the data of more than 147 million consumers in September 2017 when its systems were breached. The information included Social Security numbers, names, dates of birth, addresses, credit card numbers and some driver’s license numbers.
The coalition of attorneys general alleged that “despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems.”
Making matters worse, the coalition said, the company failed to replace security monitoring software which left the attack unnoticed for 76 days.
According to Carr’s office, consumers who wish to draw from the restitution fund will need to submit claims online or by mail. Paper forms can also be requested by phone.
The public is advised to go to ftc.gov/Equifax for more information about participating in the restitution, or call the settlement administrator at 1-833-759-2982.
An online registry page is also now live at www.equifaxbreachsettlement.com.
MORE ON EQUIFAX