In September 2017, Equifax, one of the three major credit reporting bureaus in the United States, revealed a massive data breach that exposed the sensitive information of 147 million people.
This shocking incident became one of the largest data breaches in history, raising serious concerns about consumer privacy and data protection.
Table of Contents
Equifax Data Breach Timeline
This article explores the timeline of events surrounding the breach, its impact, and the ongoing legal and regulatory repercussions.
May 2017: Hackers exploit a known vulnerability in Apache Struts, a software framework used by Equifax’s website.
May 12, 2017: The attackers moved deeper into Equifax’s network, laterally traversing systems due to inadequate security segmentation.
July 29, 2017: Equifax discovers the breach after 76 days of hackers accessing and stealing sensitive data.
July 30, 2017: The company shuts down the exploit used by the hackers.
August 2017: Top Equifax executives sold company stock, raising suspicions of insider trading.
September 7, 2017: Equifax publicly discloses the breach, revealing the extent of the compromised data.
September 10, 2017: Congressman Loudermilk introduces a bill to limit consumer protections in response to the breach, facing backlash and ultimately delaying consideration.
September 15, 2017: Equifax announces the departures of its chief information officer and chief security officer.
September 28, 2017: The New CEO promises free credit data control for all consumers.
October 2017: Equifax discovers and reports additional tranches of compromised data, bringing the total to 147.9 million Americans affected.
October 26, 2017: The company appoints technology executive with cybersecurity expertise to its board.
February 2020: The US government charges members of China’s People’s Liberation Army with orchestrating the Equifax hack.
Present Day: The fallout from the breach continues, with ongoing litigation and regulatory scrutiny of Equifax. Consumers remain vulnerable to identity theft and fraud due to the compromised data.
Who Was Responsible?
While the exact identities of the attackers remain unknown, the prevailing theory suggests state-sponsored hackers, possibly from China, were responsible. This theory is based on several factors:
- The stolen data never appeared on the dark web, a typical outcome for financially motivated cybercrime.
- The sophistication of the attack suggests a well-resourced organization.
- China has a history of engaging in cyber espionage.
Impact and Consequences
The breach exposed a vast array of personal data, including names, Social Security numbers, birth dates, addresses, driver’s license numbers, and even credit card information.
This information is highly valuable to criminals, making individuals affected by the breach vulnerable to identity theft, fraud, and other financial crimes.
The impact of the breach has been far-reaching, causing significant stress, anxiety, and financial hardship for millions of individuals. Many victims have spent countless hours reporting fraudulent activity, placing credit freezes, and repairing their damaged credit scores.
Legal and Regulatory Responses:
Several lawsuits have been filed against Equifax for its role in the data breach. The company has also faced fines and penalties from regulators. Additionally, the US government has indicted Chinese nationals for their alleged involvement in the attack.
The Equifax Data Breach Settlement & Benefits
In response to the breach, Equifax was ordered to pay a massive $425 million settlement to affected individuals. This settlement provides various forms of compensation, including:
1. Free Credit Monitoring Services: Class members were initially offered up to 10 years of free credit monitoring services through Experian. However, the deadline to claim this benefit has passed.
2. Extended Claims Period: If you experienced fraud, identity theft, or other misuse of your personal information due to the data breach between January 23, 2020, and January 22, 2024, you may be eligible for reimbursement for out-of-pocket losses and time spent recovering.
The deadline to file a claim for the Extended Claims Period is January 22, 2024.
3. Free Identity Restoration Services: All affected individuals are eligible for at least 7 years of free identity restoration services, regardless of whether they file a claim. These services can help you address the consequences of identity theft and fraud.
4. Alternative Reimbursement Compensation: If you missed the deadline to claim credit monitoring services, you may be eligible for alternative reimbursement compensation. However, this option is no longer available.
5. Cash Reimbursement for Equifax Subscription Products: If you purchased an Equifax subscription product after the data breach and believe it was unnecessary due to the breach, you may have been eligible for reimbursement.
However, the deadline to claim this benefit has passed.
How to File a Claim & Status Check
The initial deadline to file a claim for cash payments and time spent compensation has passed. However, individuals can still file claims for expenses incurred between January 23, 2020, and January 22, 2024, related to identity theft or fraud.
The deadline for filing these claims is January 22, 2024.
To file a claim, visit the official Equifax Data Breach Settlement website: https://www.equifaxbreachsettlement.com/
Moving Forward
The Equifax Data Breach Settlement provides individuals with options to recover from the consequences of this major data breach.
Understanding your rights and taking proactive steps to protect your information can help you minimize the risks and mitigate the potential harms of identity theft and fraud.
