Equifax's $700 million settlement with the U.S. government over a massive 2017 data breach includes up to $425 million for consumers.
Affected consumers would get free credit-monitoring and identity-restoration services for the next several years and may be eligible for money they have already spent on such services.
How did the hackers break in?
According to the Government Accountability Office, the investigative arm of Congress, a server hosting Equifax's online dispute portal was running software with a known weak spot. The hackers, who have not been identified, jumped through the opening. Hiding behind encryption tools, they sent 9,000 queries to dozens of databases containing consumers' personal information, and then methodically extracted the information.
The attack went unnoticed by Equifax for more than six weeks.
What has Equifax done?
The company has said it took steps to fix the issues that allowed the breach to occur. That includes adding tools to better monitor network traffic, restrict traffic between internal servers and tighten controls on who can access certain systems and networks.
The company also gave consumers more control over their Equifax data and introduced a free credit-alert service.
There was also a management shake-up.
What information was stolen?
Equifax stores a trove of data that provide a financial profile of millions of consumers, including how much they owe on their homes and whether there are court judgments against them.
The compromised data included Social Security numbers, birth dates, addresses, driver-license numbers and credit card numbers. Equifax said 3,200 passport images were also stolen.
What do consumers receive from the settlement?
Equifax has a page, https://www.equifaxsecurity2017.com, with a link to look up whether your information was exposed.
Affected consumers may be eligible for up to $20,000 in reimbursements for losses from unauthorized charges to affected accounts, legal and other fees, credit-monitoring or identity-theft-protection services and expenses related to freezing or unfreezing credit reports. For the time spent dealing with the breach, consumers can seek $25 per hour for up to 20 hours as compensation.
All affected consumers will be eligible to receive 10 years of free credit monitoring, at least seven years of free identity-restoration services, and, starting in 2020, six free copies of their Equifax credit report each year for seven years.
Consumers must submit a claim in order to receive free credit monitoring or cash reimbursements.
What to do with credit reports?
Examine all your listed accounts and loans to make sure that the personal information is correct and that you authorized the transaction.
If you find something suspicious, contact the company that issued the account and the credit-rating agency.
Consider freezing your credit, which stops thieves from opening new credit cards or loans in your name. It can be done online. Consumers can freeze their credit for free because of recent legislation, avoiding fees that were typically $5 to $10 per rating agency.