Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Free Newsletter Sign Up

Equifax Offers to Pay $30.5 Million for Data Breach (Corrected)

May 18, 2020, 3:58 PMUpdated: May 28, 2020, 3:06 AM

Equifax, Inc. has agreed to a proposed settlement with a subclass of financial institutions to resolve allegations that it failed to protect the personal data of over 140 million Americans from cyberattack, according to an unopposed motion for preliminary approval filed in the Northern District of Georgia.

The proposed settlement provides for a $5.5 million fund for class member claims and requires Equifax to spend a minimum of $25 million over two years to enhance data security.

Specific improvements would include implementation of industry-recognized cybersecurity standards tailored to Equifax’s specific systems and vulnerabilities. It also would require Equifax to submit annual certifications to class counsel, representing compliance with the terms of the agreement.

According to the plaintiffs’ May 15 motion, the parties didn’t discuss the details of attorneys’ fees and expenses prior to agreeing to the essential terms of the proposed settlement. But it does specify that Equifax will pay class counsel up to $2 million for fees and up to $250,000 for litigation costs and expenses, subject to court approval.

Twenty-one financial institutions would recover $5,000 each for service awards.

If certified, the class would be comprised of all financial institutions that issued debit or credit cards jeopardized by the breach.

Those class members that opt-in would agree to release Equifax from any claims that were or could have been asserted in the lawsuit, including, but not limited to, claims related to the data breach, fraudulent card activity, or “damage to the financial services ‘ecosystem’ as alleged in the complaint.”

Related consumer allegations were settled in January for roughly half a billion dollars, with the possibility of paying up to $2 billion more if all potential class members sign up for credit monitoring.

The case is In re Equifax, Inc. Customer Data Sec. Breach Litig., N.D. Ga., No. 1:17-md-02800, 5/15/20.

(Corrects headline of May 18 story to reflect that not all settlement funds would go directly to financial institutions.)

To contact the reporter on this story: Holly Barker in Washington at

To contact the editors responsible for this story: Rob Tricchinelli at; Meghashyam Mali at