Equifax will pay up to $700 million to settle with the Federal Trade Commission and others over a 2017 data breach that exposed Social Security numbers and other private information of almost 150 million people.
Equifax will also pay $275 million in fees to the Consumer Financial Protection Bureau, the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services.
Equifax is accused of failing to adequately patch a security flaw that enabled hackers to swipe about 147 million names and dates of birth, 145.5 million Social Security numbers and 209,000 payment card numbers and expiration dates in 2017.
Under the agreement, the company will set aside $425 million for a "restitution fund" to directly compensate consumers affected by the breach.
The settlement, subject to court approval, calls for at least $US300 million ($A426 million) of the penalty to go to affected consumers, and to provide extra credit monitoring beyond what the company has already offered.
Attorney General T.J. Donovan, D-Vermont, said when the breach became public, the state's consumer assistance program received more than 700 phone calls from anxious Vermonters. The FTC has authority to examine whether a company's practices were reasonable and whether it was living up to representations about security of data.
Equifax is yet to fully recover from the data breach.
The data breach was one of the largest in US history and was not detected by the company for six weeks.
Camera IconFormer Equifax CEO Richard Smith testifies before the Senate Banking, Housing and Urban Affairs Committee in the Hart Senate Office Building on Capitol Hill October 4, 2017 in Washington, DC.Picture: AFP, AP.
Consumers must submit a claim to receive free credit monitoring or cash reimbursements.
If consumers choose not to enroll in the free credit monitoring product available through the settlement, they may seek up to $125 as a reimbursement for the cost of a credit-monitoring product of their choice.
For those who suffered financial damages as part of the breach, they can file a claim for up to $20,000 to cover expenses you incurred as part of the breach.
The remaining six years will be Equifax-only credit monitoring.
"Credit freezes are actually better and they're free under the law", he explains.
Additional information about the settlement and how to find out whether you are eligible for relief can be found here.
"I'm pleased to announce this result for Idahoans, as Equifax failed to protect their sensitive data", Wasden said.
Consumer advocates said the settlement was modest given the huge number of people affected.