Minnesota Nets Nearly $2M from Equifax Settlement

Minnesota Nets Nearly $2M from Equifax Settlement

The company’s breach reportedly exposed personal information of nearly half of adult-age Minnesotans.

Atlanta-based consumer credit reporting agency Equifax on Tuesday announced that it’s reached an agreement to pay up to $700 million to settle complaints stemming from its 2017 data breach.

The agency plans to set up a $300 million restitution fund for consumers affected by the breach, which reportedly exposed personal data of more than half of American adults. If that money runs out, Equifax will provide an additional $125 million for the fund.

Equifax also agreed to provide $175 million to states directly. Minnesota is slated to receive almost $2 million from that amount, according to a news release issued by the state’s attorney general Keith Ellison.

“Equifax put the sensitive personal information of over two million Minnesotans at risk. That’s nearly half of all Minnesota adults,” Ellison said. “We took action to hold Equifax accountable for its misconduct and to ensure Minnesotans’ sensitive personal information is treated with the safety, dignity, and respect that it deserved from the start.”

The September 2017 breach reportedly took Equifax more than two months to detect, according to The New York Times. The company also waited more than a month to disclose the breach publicly, the newspaper reported.

The breach leaked consumers’ Social Security numbers, names, dates of birth, addresses, and more. Afterwards, a coalition of attorneys general in 48 states, Puerto Rico, and the District of Columbia began investigating the case.

The coalition found that Equifax “failed to implement an adequate security program to protect consumers’ highly sensitive personal information,” according to Ellison’s release.

“Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems,” the release said. “Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.”

The U.S. District Court for the Northern District of Georgia still needs to give final approval to Tuesday’s settlement agreement.