Millions of Alabamians who were victims of one of the largest data breaches ever can now get some compensation.
The credit report company, Equifax, reached a settlement to take steps in protecting customers. That data breach impacted approximately 2.3 million people in Alabama.
We spoke to people on Monday who said breaches like this are exactly why they don't have credit or debit cards and always pay with cash.
"You know, out in the cyber world they can get your card number and that way, the less I use it online, and if I can't touch it, feel it, take it home with me right then, then try to keep the money in our local area," said Dee Woodard, owner of Cafe 302 in Huntsville.
Dee Woodard is one of many people we spoke with who says paying cash is always better.
Alabama Attorney General Steve Marshall said Equifax did not have a proper security system in place to protect its consumers. This breach allowed hackers to take personal information for 150 million people in no time at all.
"Technology is getting so far advanced, but the criminals are getting further advanced with hacking into people's accounts and everything," said Woodard.
Now, two years later, Equifax, has to reimburse those who were affected. The $700 million settlement with all 50 states is for restitution and free credit monitoring.
Woodard told WAAY 31 this is something that could be avoided if you buy services local and in cash.
"To support the other small businesses because if we support each other and keep it within our community, it helps each other," she said.
If you were impacted, you can choose between free credit monitoring or a $125 payment. Even if you weren't affected, you can get some free credit reports and ID theft recovery services.
You're eligible to get $25 per hour for time spent dealing with the breach's aftermath, up to 20 hours. For the first 10 hours, you just need to certify that you spent this time. For the additional 10 hours, you may need to provide documentation.
You will need to file a claim online, by mail, or by phone. The claims process will open up after the settlement is approved by the court. For now, find any documents, emails, receipts and other information to support your claim.
You can find more information on how to file a claim here.
The office of Alabama Attorney General Steve Marshall issued this press release Monday:
(MONTGOMERY) — Attorney General Steve Marshall today announced that a coalition of 50 Attorneys General has reached a $600 million settlement with Equifax regarding a massive 2017 data breach. In Alabama, approximately 2.3 million consumers were affected and are eligible for compensation.
An investigation by the Attorneys General found that Equifax’s failure to maintain a reasonable security system enabled hackers to penetrate its systems, exposing the data of 56 percent of American adults—the largest-ever breach of consumer data. The Attorneys General secured a settlement with Equifax that includes a Consumer Restitution Fund of up to $425 million, a $175 million payment to the states, as well as extensive injunctive relief, which also includes a significant financial commitment from Equifax. This is the largest data breach enforcement action in national history.
“Equifax failed utterly in its responsibility to safeguard the information of consumers with due diligence, with consequences of untold harm by identity thefts that have occurred and may yet occur,” said Attorney General Marshall. “This settlement provides important steps to compensate consumers and mitigate the damage from Equifax’s careless practices. Perhaps as significant is the message to other businesses that they will be held to account for maintaining a high standard of protection for their customers’ data. I am extremely proud of the commitment and hard work by the staff of my Consumer Interest Division, which was part of the multistate executive committee, in reaching this settlement for the benefit of Alabama consumers.”
On September 7, 2017, Equifax, one of the largest consumer reporting agencies in the world, announced a data breach affecting more than 147 million consumers— nearly half of the U.S. population. Breached information included Social Security numbers, names, dates of birth, addresses, credit card numbers, and in some cases, driver’s license numbers.
Shortly after, a coalition that grew to 50 Attorneys General launched a multistate investigation into the breach. The investigation found that the breach occurred because Equifax failed to implement an adequate security program to protect consumers’ highly-sensitive personal information. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity. As a result, the attackers penetrated Equifax’s system and went unnoticed for 76 days.
Under the terms of the settlement, Equifax agreed to provide a single Consumer Restitution Fund of up to $425 million—with $300 million dedicated to consumer redress. If the $300 million is exhausted, the Fund can increase by up to an additional $125 million. The company will also offer affected consumers extended credit-monitoring services for a total of 10 years.
Equifax has also agreed to take several steps to assist consumers who are either facing identity theft issues or who have already had their identities stolen including, but not limited to:
* making it easier for consumers to freeze and thaw their credit;
* making it easier for consumers to dispute inaccurate information in credit reports; and
* requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.
Equifax has also agreed to strengthen its security practices going forward, including:
* reorganizing its data security team;
* minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
* performing regular security monitoring, logging and testing;
* employing improved access control and account management tools;
* reorganizing and segmenting its network; and
* reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.
Consumers who are eligible for redress will be required to submit claims online or by mail. Paper claims to mail may be requested by phone. Consumers will be able to obtain information about the settlement, check their eligibility to file a claim, and file a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of the Equifax Settlement Breach online registry, consumers can sign up at ftc.gov/Equifax. Consumers can also call 1-833-759-2982 for more information. The program to pay restitution to consumers will be conducted in connection with settlements that have been reached in the multi-district class actions filed against Equifax, as well as settlements that were reached with the Federal Trade Commission and Consumer Financial Protection Bureau.
In addition to Alabama, other Attorneys General participating in this settlement include Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, the District of Columbia and the Commonwealth of Puerto Rico.