The proposed settlement provides for a $5.5 million fund for class member claims and requires Equifax to spend a minimum of $25 million over two years to enhance data security.
Specific improvements would include implementation of industry-recognized cybersecurity standards tailored to Equifax’s specific systems and vulnerabilities. It also would require Equifax to submit annual certifications to class counsel, representing compliance with the terms of the agreement.
According to the plaintiffs’ May 15 motion, the parties didn’t discuss the details of attorneys’ fees and expenses prior to agreeing to the essential terms of the proposed settlement. But it does specify that Equifax will pay class counsel up to $2 million for fees and up to $250,000 for litigation costs and expenses, subject to court approval.
Twenty-one financial institutions would recover $5,000 each for service awards.
If certified, the class would be comprised of all financial institutions that issued debit or credit cards jeopardized by the breach.
Those class members that opt-in would agree to release Equifax from any claims that were or could have been asserted in the lawsuit, including, but not limited to, claims related to the data breach, fraudulent card activity, or “damage to the financial services ‘ecosystem’ as alleged in the complaint.”
Related consumer allegations were settled in January for roughly half a billion dollars, with the possibility of paying up to $2 billion more if all potential class members sign up for credit monitoring.
The case is In re Equifax, Inc. Customer Data Sec. Breach Litig., N.D. Ga., No. 1:17-md-02800, 5/15/20.