CONCORD — Attorney General Gordon J. MacDonald announced Monday that New Hampshire will receive more than $1 million as part of a settlement agreement with Equifax over a 2017 data breach that exposed the Social Security numbers and private information of nearly 150 million people across the country, including more than 630,000 Granite State residents.
Equifax has agreed to pay up to $700 million following U.S. federal and state investigations into the 2017 hack:
Under a settlement announced Monday by the Federal Trade Commission, Equifax will pay as much as $425 million to compensate consumers and provide credit monitoring to those whose information was exposed. It will separately pay $175 million to 48 states, which includes $1,037,168.03 for New Hampshire — where 639,691 consumers were affected — and an additional $100 million to the U.S. Consumer Financial Protection Bureau.
The company is also required to spend at least $1 billion to improve its data security, according to a settlement filed in a class-action lawsuit against Equifax.
The agreement, the largest data-security settlement by the agency, ends a nearly two-year investigation by all 50 states and the FTC into the breach that compromised sensitive information.
Affected consumers are eligible to request the following types of reimbursements from the settlement fund:
Reimbursement for time spent trying to avoid, or recover from, identity theft (up to 20 total hours at $25 per hour)
Reimbursement for money spent trying to avoid, or recover from, identity theft (costs for freezing your credit report, professional fees paid to address identity theft, postage, etc.)
Reimbursement of up to $125 for credit monitoring services purchased, if the affected individual chooses not to accept the 10 free years of credit monitoring services offered as part of the settlement.
Consumers can obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry or sign up to receive email updates at www.ftc.gov/equifax. Consumers who are eligible for redress are required to submit claims online or by mail. Paper claim forms can also be requested over the phone. Consumers can also call the settlement administrator at (833) 759-2982 for more information.
Hackers gained access to the Equifax network in May 2017 and attacked the company for 76 days, according to a House Oversight Committee report. Equifax noticed “red flags” in late July, then in early August contacted the FBI, outside counsel and cybersecurity firm Mandiant. The company waited until September to inform the public of the breach.
Hackers stole at least 147 million names and dates of birth, nearly 146 million Social Security numbers, and 209,000 payment card numbers and expiration dates, the FTC said.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” FTC Chairman Joe Simons said in a statement. “Equifax failed to take basic steps that may have prevented the breach.”
Information from wire service reports was used in this story.