Equifax to pay up to $700 million for 2017 data breach: How you can reduce your risk online

Young man working on laptop and trying to protect his data from a security breach Image:

Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors' opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when it’s posted.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Equifax, one of the three main consumer credit bureaus, is set to pay as much as $700 million to settle charges from a major data breach in 2017 that exposed the personal information of almost 150 million Americans.

Equifax has agreed to the settlement with the Consumer Financial Protection Bureau, the Federal Trade Commission and the majority of states. If approved in Federal court, the deal would require Equifax to …

  • Provide at least $425 million in a consumer fund to provide relief for impacted consumers
  • Provide affected consumers with at least 10 years of free credit monitoring and free identity-restoration services for seven years
  • Provide affected consumers with up to six free copies of their Equifax credit report in a 12-month period beginning Dec. 31, 2019
  • Pay $100 million in fines to the CFPB

Affected consumers can also file claims and could be eligible for reimbursement of up to $20,000.

Want to know more?

Why are people still talking about the Equifax breach?

There have been a number of security breaches and other issues in the news recently, like the May 2019 report of a security flaw that exposed 885 million documents on a title insurance company’s website.

However, the Equifax data breach in particular has remained a relevant issue — not only due to the high number of Americans whose data was compromised, but also because of the importance of Equifax data to the average consumer. The credit bureau’s data is used to make all kinds of lending decisions that can significantly impact a consumer’s life, ranging from whether you get approved for a credit card, an auto loan or even a mortgage, to whether you qualify for rental housing.

When the Equifax breach was discovered in 2017, it turned out that not only were hackers able to access Equifax’s systems through flawed software, but they were also able to access Equifax data for months without being detected.

Ultimately, that breach was a wake-up call to many Americans that their data might not always be as secure as they’d like it to be, and that monitoring their information online is important.

What can you do to help keep your data more secure online?

If news about Equifax’s massive data breach settlement has you thinking about keeping your data secure, we’ve got some tips that could help keep you safer online.

  • Monitor your credit reports and consider a freeze. As a Credit Karma member, you get free credit monitoring and get alerts whenever we notice important changes to your Equifax or TransUnion credit reports so that you can check for suspicious activity. And you can ask any of the three major consumer credit bureaus — Equifax, Experian and TransUnion — to lock or freeze your credit reports to keep them more secure.
  • Make and keep your passwords more secure. As a general rule, you shouldn’t use the same password across multiple sites. And you shouldn’t make your password something that’s easy to guess. Using a series of short words or phrases might be a tougher password for hackers to crack. You might also think about using a password manager to keep track of all your passwords.
Learn more: What to do if your identity is stolen