Hawaii residents who were affected in the largest ever consumer data breach may be eligible for compensation.
In September 2017, hackers stole personal information on 147 million customers of Equifax, the credit reporting agency. The information included names, dates of birth, addresses, Social Security numbers, credit card numbers, and in some cases, driver’s license numbers.
The Hawaii Office of Consumer Protection announced Monday that the state has settled an investigation into the 2017 data breach of Equifax. Hawaii joined 48 other states, the District of Columbia and Puerto Rico in the probe and the settlement negotiations.
The agreement calls for consumer restitution funds of up to $425 million, a $175 million payment to the states, and injunctive relief, which includes more payments.
According to Equifax, 462,000 Hawaii consumers were impacted by the breach. The state is receiving $1 million as a result of the settlement agreement.
The states' investigation found breach occurred due to Equifax’s failure to implement a security program to protect consumers’ personal information. The credit reporting agency also failed to update its software that monitors suspicious activity in the company’s system.
Steven Levins, executive director of the Office of Consumer Protection, says Equifax’s carelessness has alerted the entire industry about the risks of hacking.
“Equifax’s conduct undermined consumers’ confidence in the ability of the credit reporting industry to safeguard confidential information,” Levins said in a written statement. “This settlement will send a strong message to Equifax and to other companies that failing to implement adequate protections will have severe consequences.”
Equifax has also agreed to extend credit-monitoring services for customers whose information was breached. The services will last for 10 years. The Office of Consumer Protection said those who wish to enroll in this extended service or want to know if they are eligible for restitution payments should visit the Federal Trade Commission website or call 1-833-759-2982.
The claims process will begin after court approval in a class action lawsuit. Levins says the court is expected to check off on the compensation as early as next week.
According to the FTC, cash payments of up to $20,000 can be made to those who had to pay expenses as a result of the breach, spent hours dealing with the breach, or had paid for Equifax credit monitoring services from September 2016 to September 2017. Free assistance to recover from identity theft is another way the FTC plans to compensate affected Equifax consumers.
The FTC also announced that all U.S. Equifax consumers can get six additional free credit reports for seven years from the Equifax website.
“This whole mess with Equifax should alert consumers whether you’re impacted by this, or something else that you should be aware of the constant danger of security breaches,” said Levins.
Here are a few ways Levins says people can protect their personal data or check on their credit companies to prevent any information from being stolen:
- Dispute any unauthorized charges on your financial account statements. Levins suggests inspecting your credit reports to see if any questionable purchases or entries have been logged is a good way to see if your personal information has been breached.
- Regularly request free credit reports. Levins recommends using this website, which provides free reports and tips about how to look out for identity theft.
- Place alerts on your accounts. Levins says that placing alerts from your financial institution about purchases made above a certain amount helps you and your creditor keep track of any unauthorized purchases or withdrawals.
- Watch out for phishing emails. Don’t open any email images, attachments or questionable links from unknown senders. People committing fraud will send emails to mislead you or threaten to suspend your financial accounts if you don't give them key personal data. Levins says no legitimate business will ask you to verify your account by supplying personal information via email. If you’re concerned, contact the business directly.
- Look carefully for minor changes to email addresses. Levins says that often fake accounts will make minor changes in addresses to trick the email recipient into trusting the account. For example, the domain name “Consumer Protection of Hawaii” may be changed to “Consumer Protection in Hawaii.” Links from these emails could lead you to fake websites that will try to collect your private information.
