Texas Office of the Attorney General issued the following announcement on July 22.
Attorney General Ken Paxton announced that a coalition of 50 attorneys general reached the largest data breach settlement in history with Equifax, resolving an investigation into a massive data breach first disclosed by the company in September 2017. The breach exposed the personal information of nearly half the U.S. population, including 12.1 million Texans.
The $600 million settlement with the attorneys general of 48 states, the District of Columbia and Puerto Rico requires Equifax to implement and maintain a rigorous and comprehensive data security program designed to prevent future breaches.
Under the agreement, Equifax must also pay between $300 million and $425 million into a consumer restitution settlement fund for the benefit of consumers whose information was exposed in the breach. Equifax will pay $175 million to the 50 attorneys general. Texas will collect $10.9 million for penalties, fees and costs.
“As a data broker which collects and maintains the sensitive personal information of millions, Equifax is obligated by law to protect that information from hackers. This investigation exposed Equifax’ failure to comply with that obligation.” said Attorney General Paxton. “The settlement puts them on the path to correction and is a win for Texas consumers. My office will continue to investigate companies that fail to protect Texans’ personal information and do everything it can to protect Texans from identity theft.”
The investigation of Equifax concluded that the company failed to maintain reasonable safeguards to protect consumers’ sensitive personal information from unlawful disclosure. Despite knowing about a critical vulnerability in its software, Equifax failed to fully and timely patch its systems. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.