Credit-reporting company Equifax Inc. will pay up to $700 million to settle claims it broke the law during a massive 2017 data breach and to repay harmed consumers, in a landmark settlement that was nonetheless criticized by consumer advocates and some lawmakers who called for stricter regulation, Reuters reported. While it was the largest-ever settlement for a data breach, they said that the amount was still too small for the millions of Americans affected, and worried it could prove difficult for consumers to be repaid. The agreement also spurred multiple lawmakers to renew calls for legislation giving consumers more control over their personal information. “This settlement is just a drop in the bucket of what Equifax’s disregard for privacy could cost American families,” Sen. Sherrod Brown said in a statement. The settlement concludes multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all state attorneys general. It also resolves pending class-action lawsuits against the company. Shares in Equifax, which is one of three major credit reporting companies, closed up 0.4 percent at $137.84 a share in trading on the New York Stock Exchange on Monday. Roughly 147 million people had information, including Social Security numbers and driver’s license data, compromised by the breach. The hackers have never been identified. The company will establish a $300 million restitution fund which could climb to $425 million depending on how many people file claims. Only consumers who can show they suffered direct costs following the breach, either from identity theft or by purchasing credit-monitoring services, will be eligible for restitution, capped at $20,000 per person. In addition, the company will pay a $175 million fine to the states and $100 million to the CFPB.
