A settlement from the Equifax data breach lawsuit has been reached as the credit reporting agency has finalized a $5.5 million agreement to pay financial institutions that issued credit cards that were identified in the 2017 hack that affected roughly 147 million people in the U.S.
Credit Union National Association (CUNA) filed a lawsuit against Equifax in October 2017 after the breach exposed the personal information of credit union members had been compromised.
“Credit unions have borne substantial costs as a result of this massive data breach, and the settlement offers recourse on the path toward making affected credit unions whole again,” said CUNA President/CEO Jim Nussle. “Breaches like this are occurring on a regular basis, and the only thing that will prevent them in the future is a strong national data security standard that holds all entities accountable. CUNA and the Leagues look forward to continuing our engagement with Congress to enact robust data security requirements for all who handle consumers’ personal information.”
The Settlement Class will be limited to financial institutions that had alerted-on payment cards as a result of the breach. Class members will be permitted to make claims for losses attributable to the alerted-on payment cards as well as damages they suffered resulting from their customers’ personally identifiable information (PII) exposure.
Up to $4.50 per alerted-on payment card as well as up to $5,000 per financial institution will be provided for its documented damages claim resulting from PII theft for class members.
The company will spend at least $25 million to strengthen data security measures over a two-year period and comply with the Payment Card Industry Data Security Standard (PCI_DSS).