NY authorities reach settlement with Equifax over 2017 data breach

Maria Nikolova

Equifax agrees to pay $425 million in restitution and to provide New York consumers with credit monitoring services and free annual credit reports for five years.

Equifax Inc. is being held accountable for the 2017 data breach that exposed the sensitive financial and personal information of millions of Americans, including 8.5 million New Yorkers. A settlement was announced today between New York authorities and Equifax over the data breach. The settlement stems from separate investigations by the Department of Financial Services and the New York Attorney General’s Office into the credit rating agency and two of its subsidiaries, Equifax Information Services LLC and Equifax Consumer Services LLC.

Under the settlement, the companies will pay a fine of $10 million to DFS, $9.2 million to the New York Attorney General’s Office as part of $175 million to Multi-State Attorney Generals including New York, and Equifax has committed up to $425 million to the consumer restitution fund.

In addition to the fine, Equifax will provide New York consumers with credit monitoring services and free annual credit reports, and will pay restitution to consumers affected by the breach. New York consumers who were impacted by the data breach may enroll in at least four years of credit monitoring by the three major credit-monitoring services – Equifax, Experian and Transunion – and receive two free credit reports from Equifax every 12 months for five years.

Consumers will also be able to submit claims for reimbursement for certain losses resulting from the data breach to a court-appointed administrator. Equifax will pay an additional $50 million to the the Consumer Financial Protection Bureau (CFPB).

DFS investigated the companies’ security practices before and at the time of the breach, as well as their communications and the services provided to consumers immediately after announcement of the breach, and found that the companies engaged in practices that violated the Dodd-Frank Act and Financial Services Law § 408.

The DFS investigation found that the 2017 data breach at Equifax exposed New York consumers’ sensitive personal information, including their full names, Social Security numbers, dates of birth, addresses and for some consumers, credit card numbers, driver’s license numbers and dispute documents containing personal identifying information, and thus could have the potential to cause injury, including financial injury, to consumers and businesses.

DFS also found that following the announcement of the data breach on September 7, 2017, Equifax, Inc. and its two subsidiaries failed to provide adequate assistance to affected consumers, including inadvertently directing consumers to a website that was not owned by Equifax; failing to alert consumers that their data had not only been accessed attackers, but stolen; and providing a data breach website that was unable to provide certainty for consumers about whether they were impacted by the breach.

During the relevant period, Equifax conducted internal and external reviews of the information security program that identified areas for improvement and failed to implement on a timely basis some security measures that were mandated by their own policies. Further, the companies’ internal documents demonstrate that they were aware they were storing personal identifying information in development and testing environments, increasing the risk of identity theft, misuse of data and fraud. The companies also failed to encrypt certain consumers’ personal identifying information and failed to decrypt certain incoming and outgoing traffic in violation of their own policies.

Read this next


Top Crypto Millionaire Picks: ETH, SOL, BLP

The market is buzzing with the arrival of a new bull run, and savvy investors are closely watching certain cryptocurrencies that show promise for substantial returns.


Influencer Examines BlockDAG Advances as Presale Hits $27.7M Amid Updates on Solana Transaction Fees and Injective (INJ) Price

Discover what famous YouTube influencer CryptoDexWorld has to say about BlockDAG’s presale performance and mining capabilities. More on Solana Transaction Fees and Injective (INJ) Price Updates.


Discover the Best Altcoins to Buy: Exploring Near Protocol, Cardano, and BlockDAG’s 30,000x Potential

Explore top altcoins like Near Protocol, and Cardano, and discover BlockDAG’s massive potential. Join us!


Crypto Influencer Crypto Rick Endorses BlockDAG Amid $27.7M Presale Success; TRON Price & BCH See Surge

Crypto Rick endorses BlockDAG, boosting its $27.7M presale amid TRON and Bitcoin Cash surges. Explore why BlockDAG is a top crypto investment.


These Altcoins Have The Potential To Make You a Millionaire in 2024

The crypto market is witnessing a surge, and certain alternate coins are catching attention for their rapid growth.

Digital Assets

Point72 invests $77.5 million in Bitcoin, Morgan Stanley holds $269.9 million

Point72, the $34 billion hedge fund owned by billionaire and New York Mets owner Steven Cohen, held $77.5 million in the Fidelity Wise Origin Bitcoin Fund (FBTC) at the end of the first quarter, according to a recent filing.

Digital Assets

Binance claims Nigerian officials sought $150 million bribe

A Nigerian court has ruled that Tigran Gambaryan, a Binance executive detained on charges of tax evasion and money laundering, can stand trial on behalf of the world’s largest cryptocurrency exchange.

Digital Assets

Kraken reviews Tether listing in Europe ahead of MiCA adoption

Cryptocurrency exchange Kraken is “actively reviewing” whether to delist the stablecoin Tether (USDT) from its European platform, according to a report by Bloomberg.


Discover How MoonBag Coin Presale Stacks Up Against Dogecoin & Litecoin

Discover how the MoonBag Coin presale compares to Dogecoin and Litecoin, with unique features, a robust presale structure, and new opportunities in 2024.