NEW YORK -- Equifax will pay at least $700 million -- and potentially much more -- to settle lawsuits over a 2017 data breach that exposed the Social Security numbers and similar sensitive information of roughly half of the U.S. population.
The settlement with federal authorities and states , reached Monday, includes up to $425 million in monetary relief to consumers, a $100 million civil penalty, and other offers to the nearly 150 million people who could have been affected. It can't, however, guarantee safety for individuals whose stolen information could circulate on the internet for decades.
The breach was one of the largest ever to threaten Americans' private information. The credit reporting company didn't notice the intruders targeting its databases, who exploited a known security vulnerability that Equifax hadn't fixed, for more than six weeks.
The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports. The resulting scandal led to the abrupt dismissal of Equifax's then-CEO and many other executives at the company.
"Companies that profit from personal information have an extra responsibility to protect and secure that data," said Federal Trade Commission Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach."
Equifax CEO Mark Begor said in a statement that the settlement "reinforces our commitment to putting consumers first and safeguarding their data."
Consumer advocates were generally positive on the settlement, but had concerns about its timescale. Claims can only be filed for the next four years, but the thieves stole permanently identifiable information like Social Security numbers and birthdates, the data could be used for decades to commit identity theft.
"What happens if a consumer is the victim of ID theft in the fifth year resulting from the breach, which costs the consumer tens of thousands of dollars?" said Chi Chi Wu, staff attorney at the National Consumer Law Center.
Shares of Equifax, which plunged 30% following disclosure of the breach, have since made up that drop. On Monday, Equifax stock price closed at $137.84 -- not far from its price of $141.45, where it was trading just before the breach was disclosed on Sept. 7, 2017. Business analysts say the settlement will remove a cloud of uncertainty over Equifax's business.