Please ensure Javascript is enabled for purposes of website accessibility

Md. to receive $5.7M share of settlement with Equifax over data breach

FILE - This July 21, 2012, file photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. Credit report company Equifax said Monday, Oct. 2, 2017, that an additional 2.5 million Americans may have been affected by the massive security breach of its systems, bringing the total to 145.5 million people who had their personal information accessed or stolen. (AP Photo/Mike Stewart, File)

This July 21, 2012, file photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. (AP Photo/Mike Stewart)

Maryland will receive $5.7 million from a settlement with Equifax over its massive 2017 data breach. The settlement total could reach $700 million.

The credit reporting agency announced a data breach affecting more than 147 million consumers, roughly 56 percent of the U.S. population, in September 2017. Information involved included names, Social Security numbers, credit card numbers and driver’s license numbers.

The settlement announced Monday includes $175 million in penalties to states and territories, including Maryland; $100 million to the Consumer Financial Protection Bureau; and a $300 million restitution fund to reimburse consumers. The fund may increase to up to $425 million as needed to meet demand. Affected customers can receive credit monitoring services for 10 years.

“Equifax’s data breach affected the personal information of millions of Americans, leaving them vulnerable to identity theft and misuse of their personal records,” Attorney General Brian E. Frosh said in a statement announcing the settlement Monday.

Maryland led an investigation into the breach that eventually grew to include 50 attorneys general, according to the release from the Maryland Office of the Attorney General. The investigation found Equifax failed to have adequate security and did not patch its systems despite knowledge of their vulnerabilities. The company also failed to notice the breach for 76 days.

In a news release announcing the settlement Monday, Equifax CEO Mark W. Begor said the company was “focused on the future of Equifax and returning to market leadership and growth.”

“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company,” Begor said.

Frosh said that it’s hard to settle federal, state and consumer litigation in one global agreement but that the facts of the case were “extraordinary” and both the plaintiffs and Equifax benefit from the resolution.

“Without a global settlement, this would go on for a decade,” he said. “Everybody would have to file suit, you’d have to wait until the end of the lawsuit and go through appeals, and in the meantime the consumers would be unprotected.”

The consumer relief will be available immediately, Frosh said; individuals can apply for credit monitoring, reimbursement for time spent dealing with any problems related to the breach and other damages.

“There’s a great deal of benefit to consumers today by us being able to settle it today,” Frosh said.

Equifax faced consumer protection lawsuits by states and individuals as well as Federal Trade Commission and Consumer Financial Protection Bureau investigations. The $175 million resolves the actions by 48 states, Washington, D.C., and Puerto Rico.

Maryland’s portion of the penalties will be allocated for use by the Consumer Protection Division of the Attorney General’s Office, unless the governor or General Assembly seeks to use it for something else, according to Frosh. More than 3 million Maryland consumers were estimated to have been affected.

Under the settlement, Equifax will make changes to its data security team, minimize the collection and use of sensitive data, perform regular security monitoring and tests, and employ new practices to identify and deploy security updates and patches.

Frosh said that a third-party monitor will ensure compliance and that any of the states involved will have the power to enforce the agreement.

“It’s extremely important not just to make sure Equifax is headed down the right path but also it sets a standard for all the credit reporting agencies,” he said.

The Equifax data breach was the largest ever involving consumer data, according to the release from Frosh’s office.

Frosh said his office encourages people to continue to be vigilant by regularly reviewing credit reports and making use of the free credit freeze available in Maryland. Information obtained in a data breach is often “warehoused” by hackers until consumer vigilance may have waned, he said.

“The concern that I have, that our office has, is often when data is hacked, the hackers don’t use the personal info for a certain period of time,” he said. “It’s just not safe, period.”

Eligible consumers can submit claims online or by mail. Information will be available online at and the settlement administrator can be reached by phone at 1-833-759-2982. The Maryland Office of the Attorney General’s hotline is available at 1-888-743-0023.


To purchase a reprint of this article, contact