Illinois Attorney General issued the following announcement on July 25.
Attorney General Kwame Raoul announced affected consumers can now file claims to qualify for payments from the Consumer Restitution Fund established under the historic $600 million settlement with Equifax. The settlement is the largest data breach settlement in U.S. history, and it resolves a nationwide investigation Raoul’s office led into Equifax’s massive 2017 data breach.
The multistate settlement, announced by Raoul this week, includes a Consumer Restitution Fund of up to $425 million. Attorney General Raoul is encouraging people who believe they were impacted by the breach to visit www.EquifaxBreachSettlement.com to learn about the settlement and qualifying to receive restitution. Visitors to the website can find out whether they are eligible for restitution, file a claim, request a paper form by mail, or check on the status of a claim they have already filed. Individuals can also access additional information about the breach and set up credit monitoring and restoration services. People can also call 1-833-759-2982 for information or to request a claim form.
“The millions of Illinois residents impacted by the Equifax data breach have until next year to file claims to receive restitution, so I encourage them to visit the new website to learn about applying,” Raoul said. “The Equifax breach is proof that even entities tasked with protecting our personal information can be compromised, so I urge all Illinoisans to be vigilant about protecting their credit by reviewing their free credit reports annually and regularly monitoring financial account statements.”
On Sept. 7, 2017, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach affecting more than 147 million consumers – nearly half of the U.S. population. In Illinois alone, an estimated 5.4 million residents were impacted. Compromised information included names, social security numbers, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.
Shortly after, Raoul led a coalition that grew to 50 attorneys general in a multistate investigation into the breach. The investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly sensitive personal information. Despite knowing about a critical vulnerability in its software, Equifax failed to patch its systems fully. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, attackers penetrated Equifax’s system and went unnoticed for 76 days.
Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million dedicated to consumer restitution. If the initial $300 million is exhausted, Equifax will pay up to an additional $125 million into the fund to cover remaining claims. The restitution program will be conducted in connection with settlements that have been reached in separate multi-district class action lawsuits filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau. The settlement also requires Equifax to offer affected consumers extended credit monitoring services for 10 years.
Also under the settlement, Equifax has agreed to take the following steps to assist people who are facing identity theft issues or who have already had their identities stolen:
Making it easier for consumers to freeze and thaw their credit.
Making it easier for consumers to dispute inaccurate information in credit reports.
Maintaining sufficient staff dedicated to assisting consumers who may be victims of identity theft.
Equifax has also agreed to strengthen its security practices going forward, including, by:
Reorganizing its data security team.
Minimizing its collection of sensitive data and the use of people’s social security numbers.
Performing regular security monitoring, logging and testing.
Employing improved access control and account management tools.
Reorganizing and segmenting its network.
Reorganizing its patch management team, and implementing new policies to identify and implement critical security updates and patches.
The Federal Trade Commission is running the website, which is now live. Consumers have until Jan. 1, 2020 to file initial claims, which will be followed by an additional four-year period for people to file claims for out-of-pocket losses that can be traced to the breach.
Original source can be found here.