July 14, 2020

Volume X, Number 196

July 13, 2020

Subscribe to Latest Legal News and Analysis

Equifax Agrees to 19.5 Million Dollar Settlement with Indiana Attorney General in Connection with 2017 Data Breach

On April 14, 2020, the Indiana Attorney General’s office announced that the state had reached a settlement agreement with Equifax in connection with Equifax’s 2017 data breach. Under the terms of the settlement, Equifax will pay a $19.5 million penalty. Indiana previously elected not to participate in a July 2019 multistate and Federal Trade Commission settlement with Equifax regarding the same data breach.

In addition to the monetary penalty, Equifax agreed to various additional measures. Along with implementing and maintaining an information security program, Equifax agreed to (1) biannually assess its management and implementation of security updates and patches for the company network, including vulnerability assessments; (2) extend its credit monitoring offer to affected Indiana consumers to 10 years at no cost to consumers; and (3) obtain a third-party assessment of its obligations under the terms of the settlement, and submit periodic reports to the Attorney General regarding the same. Equifax also agreed to pay restitution to affected Indiana consumers.

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 108


About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct