BOSTON – Equifax has agreed to pay at least $575 million, and potentially up to $700 million, as part of a settlement with federal regulators in connection with its 2017 data breach that the Federal Trade Commission (FTC) says affected about 147 million people.
The company reached the settlement with the FTC, the Consumer Financial Protection Bureau, and U.S. states and territories, the FTC said on Monday, noting that security failures "exposed millions of names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud."
The FTC said Equifax will pay $300 million to a fund that will provide affected consumers with credit monitoring services and compensate consumers "who bought credit or identity monitoring services from Equifax and paid other out-of-pocket expenses as a result of the 2017 data breach."
The company will add up to $125 million to the fund if the initial payment is not sufficient. The company also has agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, and $100 million to the CFPB in civil penalties.