COLUMBUS – At least $7.14 million. That’s Ohio’s share of the largest data-breach settlement in US history.
Equifax is going to have to shell out $700 million as the result of a 2017 data breach that exposed sensitive information of about half the U.S. population.
An investigation by Ohio and 46 other states found the breach occurred because the credit-reporting agency failed to implement an adequate security program to protect consumers’ sensitive personal information, Ohio attorney general David Yost said in a release announcing the settlement.
“Today’s constant threat of cybercrime leaves no room for stewards of the public’s data to ignore security flaws. Equifax knew about its vulnerability for months ahead of the breach but did nothing to plug the gap in its defenses. A swift response could have prevented this whole ordeal,” Yost said.
The settlement, reached Monday, includes up to $425 million in monetary relief to consumers, a $100 million civil penalty and other offers to those who could have been affected.
Equifax also agreed to terms that will help consumers who are facing identity theft issues and strengthen its security practices
One of the largest data breaches ever to threaten the private information of Americans, the breach in September 2017 exposed Social Security numbers and other key financial data of nearly 150 million customers and went undetected for 76 days.
And it’s possible that the swiped data could circulate on the internet for decades.