You are using an older browser version. Please use a supported version for the best MSN experience.

Texas Part Of $600M Settlement In Equifax Data Breach Case

Patch logo Patch 7/22/2019 Tony Cantu
a close up of an open laptop computer sitting on top of a keyboard © Provided by Planck, LLC, d/b/a Patch Media

AUSTIN, TX — The state attorney general on Monday announced a coalition comprising his counterparts elsewhere in the U.S. have collectively reached a $600 million settlement with Equifax for a massive data breach breach that affected 12.1 million Texas residents among others.

It's the largest such settlement in history, AG Ken Paxton noted. First disclosed by the company in September 2017, the breach exposed the personal information of nearly half the U.S. population. The huge settlement engineered by the attorneys generals of 48 states, the District of Columbia and Puerto Rico compels the consumer credit reporting agency to implement and maintain a rigorous and comprehensive data security program designed to prevent future breaches, Paxton explained.

Under the agreement, Equifax must also pay between $300 million and $425 million into a consumer restitution settlement fund for the benefit of consumers whose information was exposed in the breach. Equifax will pay $175 million to the 50 attorneys general — with Texas collecting $10.9 million for penalties, fees and costs.

“As a data broker which collects and maintains the sensitive personal information of millions, Equifax is obligated by law to protect that information from hackers," Paxton said in a prepared statement. "This investigation exposed Equifax’ failure to comply with that obligation. Today’s settlement puts them on the path to correction and is a win for Texas consumers. My office will continue to investigate companies that fail to protect Texans’ personal information and do everything it can to protect Texans from identity theft.”

Paxton added that the investigation of Equifax concluded that the company failed to maintain reasonable safeguards to protect consumers’ sensitive personal information from unlawful disclosure. Despite knowing about a critical vulnerability in its software, Equifax failed to fully and timely patch its systems, the AG added. Moreover, Equifax failed to replace software that monitored the breached network for suspicious activity, Paxton said, resulting in hackers' ability to penetrate Equifax’s system in a breach that went unnoticed for 76 days.

More information about the settlement, including details of the consumer restitution fund and how to file claims, can be found here: To receive email updates about the consumer restitution fund and when the settlement administrator will begin accepting claims, sign up at

Paxton added that in November 2017 his Consumer Protection Division served an investigative subpoena — also known as a Civil Investigative Demand — on Equifax, one of the nation’s three major credit reporting agencies.

View a copy of the Texas final judgment here.


More from Patch

image beaconimage beaconimage beacon