
Massachusetts, Indiana Settle With Equifax Over 2017 Data Breach

Massachusetts and Indiana, the only two U.S. states that independently sued Equifax over the massive data breach that occurred in 2017, have settled with the credit reporting agency for a total of close to $40 million.

The Equifax data breach affected roughly 147 million people. Hackers gained access to information such as social security numbers, dates of birth, driver license numbers, payment card numbers and even passport information. The U.S. government has charged four members of the Chinese People’s Liberation Army (PLA) for their role in the cyberattack.

Following the incident, Equifax was sued by consumers and by authorities, including the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and 50 states, over its failure to protect sensitive personal information.

As part of a settlement approved in January, Equifax will have to set aside $380 million for payments to affected individuals, attorney fees of $80 million, and other costs. The states that filed a lawsuit against the company will receive a total of $175 million.

However, Massachusetts and Indiana are not included in that multistate settlement as they filed their own lawsuits against Equifax. The attorneys general of Massachusetts and Indiana announced last week that they have each reached a settlement with the company for $18.2 million and $19.5 million, respectively.

The Equifax breach impacted roughly 3.9 million residents of Indiana and nearly 3 million people in Massachusetts.

“We knew back in 2019 that we could get a better deal for Hoosiers [residents of Indiana] than the amounts being discussed as part of the multistate settlement,” said Indiana Attorney General Curtis Hill. “In our own direct negotiations with Equifax representatives, we made sure to prioritize restitution payments for consumers affected by this preventable breach.”

Indiana says the full settlement amount will be used for restitution payments to affected consumers, minus the cost of managing those payments. Massachusetts says it will use part of the money “to support local consumer aid programs.”


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
