Here's how you could claim your share in the largest data breach settlement in history.

On Monday, New York Attorney General Letitia James announced she co-led a coalition of 50 Attorneys General in reaching the largest data breach settlement in history with Equifax Inc., as a result of an investigation into the company’s massive 2017 data breach that exposed the personal information of nearly half the U.S. population.

“Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk,” James said. “This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population. Now it’s time for the company to do what’s right and not only pay restitution to the millions of victims of their data breach, but also provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future.”

In September 207, Equifax, one of the big three consumer credit reporting agencies, announced a data breach, ultimately affecting over 147 million consumers, or 56-percent of American adults, making it one of the largest-ever breach of consumer data in history.

Breached information included Social Security numbers, names, dates of birth, addresses, credit card numbers, and, in some cases, driver’s license numbers. Shortly after, a coalition — that has since grown to 50 Attorneys General — launched a multi-state investigation into the breach.

In New York over 8.5 million residents had their personal information was illegally accessed.

“Credit rating agencies have a responsibility to safeguard consumers' financial and personal information, and this egregious data breach and the agency's response was completely unacceptable,” New York Governor Andrew Cuomo said. “In New York we are sending a clear message to these agencies that they will be held accountable if they leave consumers' private data vulnerable to exposure, and we will continue our rigorous oversight of these agencies to ensure New Yorkers are protected in the future.”

The investigation found that attackers were able to utilize a vulnerability in Equifax's system by targeting the Apache Struts web-application software. While Equifax was informed of a vulnerability in March 2017, the company failed to patch all of its systems and failed to replace the software that monitored the breached network for suspicious activity. As a result, the attackers infiltrated Equifax’s system, which went unnoticed for 76 days, officials say.

Under the terms of the settlement, Equifax will be required to pay restitution to affected consumers in a number of ways. First, the company has agreed to provide a single Consumer Restitution Fund of up to $425 million, $300 million will initially be dedicated to compensation, with an additional $125 million available if initial funds are depleted.

The program to pay restitution to consumers will be conducted in connection with settlements that have already been reached in the multi-district class action suits filed against Equifax, as well as with settlements that have been reached with the Federal Trade Commission and the Consumer Financial Protection Bureau (CFPB). Equifax will pay an additional $100 million to the CFPB.

Consumers who are eligible for compensation will be required to submit claims showing they have been a victim of fraud or have taken proactive steps to set up credit monitoring services by submitting documents online or by mail.

Equifax has also agreed to offer consumers who had their data exposed free credit-monitoring services for up to 10 years. Consumers that take part in the service will have up to $1 million of identity theft insurance available.

A new website will soon allow consumers to learn more about the Restitution Fund, enroll in credit-monitoring services, and have their questions answered. In the meantime, consumers can sign up to receive email updates regarding the launch of the Equifax Settlement Breach online registry at http://www.ftc.gov/equifax-data-breach. Consumers can also call 1-833-759-2982 for more information.

To find out if your data was leaked, you can sign up to receive an email to be told when the website is running. You can sign up for the email by clicking HERE. 

The most you can receive for the data breach is $20,000, per person. To help pay for:

  • For expenses you paid as a result of the breach, like:
    • Losses from unauthorized charges to your accounts
    • The cost of freezing or unfreezing your credit report
    • The cost of credit monitoring
    • Fees you paid to professionals like an accountant or attorney
    • Other expenses like notary fees, document shipping fees and postage, mileage, and phone charges
  • For the time you spent dealing with the breach. You can be compensated $25 per hour up to 20 hours.
  • For the cost of Equifax credit monitoring and related services you had between September 7, 2016, and September 7, 2017, capped at 25 percent of the total amount you paid.

Equifax has spent hundreds of millions of dollars to strengthen its security practices and will continue to do, officials say.

The settlement requires court approval.