Equifax Data Breach Settlement: What Consumers Need to Know

Understand the Equifax data breach settlement, how payments work, and what steps to take now to protect your identity and credit.

By Sneha Tete, Integrated MA, Certified Relationship Coach
Created on

In 2017, a massive cybersecurity failure at Equifax exposed the personal data of about 147 million people, making it one of the largest data breaches in U.S. history. This led to a major settlement with federal and state regulators designed to compensate affected consumers and improve the company’s security practices.

This guide explains the key terms of the Equifax data breach settlement, how payments are being sent, what benefits were available, and what you can still do today to protect your identity and credit history.

1. Background: What Happened in the Equifax Breach?

Equifax is one of the three nationwide consumer reporting agencies that collect and maintain credit information on hundreds of millions of people. In September 2017, the company disclosed that attackers had gained unauthorized access to its systems and obtained sensitive personal data.

1.1 Types of information exposed

The breach compromised a broad range of consumer data:

  • Names
  • Social Security numbers
  • Dates of birth
  • Addresses
  • In some cases, driver’s license numbers and other identifying details

This kind of information is especially sensitive because it can be used for long-term identity theft, including opening new credit accounts, filing tax returns, or committing other forms of fraud in someone else’s name.

1.2 Regulatory response and settlement

Following the breach, Equifax faced investigations and lawsuits from regulators and consumers. Ultimately, the company entered into a global settlement with:

  • The Federal Trade Commission (FTC)
  • The Consumer Financial Protection Bureau (CFPB)
  • 50 U.S. states and territories
  • Attorneys representing affected consumers in class actions

The settlement created a fund of up to $425 million for consumer relief, including credit monitoring, payments for time spent, and reimbursement of out-of-pocket losses.

Read More

The Future of AI: Preventing a Big Tech Monopoly >

The Future of AI: Preventing a Big Tech Monopoly

2. Overview of the Equifax Settlement

The settlement was approved by a federal court in January 2020, making it effective and enforceable. It resolved numerous lawsuits and enforcement actions without Equifax admitting wrongdoing.

2.1 Total settlement value

The overall package of relief and penalties related to the Equifax breach has been described as up to $700 million, including payments to regulators and a dedicated consumer fund. Of that, up to $425 million was earmarked specifically for people affected by the data breach.

2.2 Who was covered?

The settlement applies to individuals in the United States whose personal information was impacted by the 2017 Equifax breach. Approximately 147 million people were affected.

Not everyone who was affected automatically received money. Consumers needed to:

  • Determine whether they were in the affected group; and
  • Submit a claim during the claim periods if they wanted certain cash benefits.

3. Settlement Benefits: What Was Offered to Consumers?

The settlement created several types of benefits, some available only with a valid claim and some available regardless of whether a claim was filed.

3.1 Summary of key benefits

Benefit Type Who Could Get It What It Covered
Credit monitoring Affected consumers who filed an eligible claim Multi-year credit monitoring and identity theft protection services
Alternative cash payment Consumers who opted out of credit monitoring Cash in lieu of credit monitoring, subject to reduction based on total claims
Reimbursement for time spent Consumers who took steps to address the breach Compensation for time spent dealing with identity theft risks or actual misuse
Out-of-pocket losses Consumers with verifiable monetary losses Refunds for certain breach-related expenses, up to a per-person cap
Free identity restoration Affected consumers Assistance resolving identity theft issues tied to the breach

3.2 Credit monitoring services

One core feature of the settlement was free credit monitoring and identity theft protection for U.S. consumers whose information was impacted. Services typically included:

  • Monitoring of credit reports at multiple nationwide bureaus
  • Alerts when significant changes appear on a credit file
  • Identity theft insurance and restoration support, depending on the plan

Consumers who chose credit monitoring had to activate it by specified deadlines; those timelines have now passed for the settlement-related services.

3.3 Alternative compensation for those declining monitoring

Some consumers could choose a cash benefit instead of credit monitoring, sometimes described as an “alternative compensation” payment. The widely publicized figure “up to $125” was a theoretical maximum; the actual amount depended heavily on how many valid claims were filed.

Because many consumers opted for cash instead of monitoring, the settlement administrator stated that actual payments would be significantly lower and distributed on a proportional basis.

3.4 Reimbursement for time spent

Consumers could claim payment for time spent responding to the breach, such as:

  • Reviewing credit reports
  • Placing or lifting security freezes or fraud alerts
  • Communicating with lenders or government agencies
  • Dealing with confirmed identity theft incidents

Under the settlement, consumers could request reimbursement for a set number of hours at a specified hourly rate, with documentation requirements depending on the claim amount.

3.5 Reimbursement for out-of-pocket losses

Consumers who experienced direct financial losses reasonably traceable to the breach could seek reimbursement up to a per-person cap, subject to providing documentation. Examples included:

  • Costs of credit monitoring or identity theft protection purchased independently
  • Fees to freeze or unfreeze credit reports (where applicable)
  • Professional fees (such as accountants or attorneys) related to addressing fraud
  • Unreimbursed fraudulent charges, within settlement guidelines

3.6 Ongoing identity restoration services

Even after claim deadlines, certain identity restoration services remain available to affected consumers, helping them if they face identity theft issues related to the breach. These services can involve assistance in:

  • Reviewing credit reports and identifying fraudulent accounts
  • Filing disputes with credit bureaus and creditors
  • Working with government agencies or law enforcement as needed

4. Claim Deadlines and Current Payment Status

4.1 Key filing deadlines

The settlement included two primary claim periods:

  • Initial Claims Period: For free credit monitoring or an alternative cash payment and certain other reimbursements.
    Deadline: January 22, 2020
  • Extended Claims Period: For claims related to out-of-pocket losses or time spent occurring between January 23, 2020 and January 22, 2024.
    Deadline: January 22, 2024

Both periods have now expired, and no new claims can be filed under the settlement.

4.2 Are payments still being sent?

Yes. Government sources explain that the settlement administrator has been actively issuing payments for out-of-pocket losses, time spent claims, and other cash benefits. According to the FTC and settlement website:

  • Payments began going out for certain benefits in mid-December 2022.
  • Additional payments, including for extended claims, are being made from the restitution fund.
  • Many of the most recent payments are sent as prepaid cards, often by email.

The Consumer Financial Protection Bureau notes that payments for claims involving out-of-pocket losses, time spent, and other cash benefits are now being sent to eligible claimants, and consumers should watch for these payments.

4.3 How payments are delivered

According to official sources, legitimate settlement payments may arrive as:

  • Prepaid debit cards delivered by email or mail
  • Paper checks sent via postal mail
  • Electronic payments in some cases, depending on the options selected during the claim process

For prepaid cards sent by email, the messages come from specific settlement-related email addresses identified by the FTC as legitimate. The settlement administrator also provides instructions for activating or reissuing prepaid cards if needed.

5. How to Confirm and Use a Settlement Payment

5.1 Verifying that a message is legitimate

Because data breach settlements can attract scammers, it is important to verify any unexpected email or text claiming to offer money. To confirm a message is authentic, consumers should:

  • Check that the email address matches the official settlement-related addresses listed by the FTC.
  • Avoid clicking links in suspicious messages; instead, navigate directly to the official settlement website or government pages via a browser.
  • Never provide full Social Security numbers, bank passwords, or other highly sensitive data in response to an unsolicited message.

5.2 Activating and redeeming prepaid cards

For prepaid cards sent under the settlement, the settlement administrator or card issuer provides a dedicated activation website or phone number. Consumers generally must:

  • Visit the official activation page or call the number shown on the card materials
  • Enter card details and requested identifying information
  • Set up a PIN or online account, if applicable

Once activated, the prepaid card can typically be used for purchases (online or in-store) up to the available balance, subject to any expiration dates or usage conditions detailed by the issuer.

6. Protecting Yourself After the Equifax Breach

Even though the settlement claim periods have ended, the risk of identity theft from exposed Social Security numbers and other personal data does not automatically disappear. Regulators and consumer advocates recommend several ongoing steps to protect yourself.

6.1 Monitor your credit reports

Consumers are entitled to free credit reports from each of the three nationwide bureaus through the official AnnualCreditReport site. Federal regulators have also supported expanded access to free reports in response to data breaches and the COVID-19 pandemic period.

When reviewing your reports, look for:

  • New accounts you do not recognize
  • Credit inquiries from unfamiliar lenders
  • Personal information that appears incorrect or changed without your consent

6.2 Consider a fraud alert or credit freeze

The FTC and CFPB highlight two powerful tools to reduce the risk of new-account fraud:

  • Fraud alert: Instructs lenders to take extra steps to verify your identity before opening new credit.
  • Credit freeze: Severely limits most new creditors from accessing your credit report, making it difficult for someone to open new accounts in your name.

Placing a credit freeze or fraud alert is free under federal law. You must contact each bureau separately for a freeze. Lifting or temporarily “thawing” a freeze can also be done when you apply for legitimate credit.

6.3 Watch other financial accounts

Beyond your credit reports, it is important to monitor:

  • Bank and credit card statements for unauthorized charges
  • Health insurance statements for unfamiliar medical services
  • Tax filings and IRS notices for signs of tax-related identity theft

If you detect suspicious activity, report it quickly to the relevant institution and, when appropriate, to the FTC’s identity theft resources.

7. Lessons for Consumers: Data Breaches and Your Rights

The Equifax settlement illustrates several broader points about data security and consumer rights.

7.1 Data breaches can have long-lasting effects

Unlike passwords or payment card numbers, Social Security numbers and dates of birth cannot easily be changed. That means people exposed in a large-scale breach may need to stay vigilant for years. Regulators emphasize that credit monitoring, identity restoration services, and fraud alerts are useful tools but do not guarantee that fraud will never occur.

7.2 Government agencies can obtain monetary and non-monetary relief

In large breaches, agencies like the FTC, CFPB, and state attorneys general can pursue enforcement actions that lead to settlements providing:

  • Cash payments or refunds to consumers
  • Free services such as credit monitoring or identity restoration
  • Requirements that companies strengthen their cybersecurity programs

For example, separate from the data breach, New York’s Attorney General has also reached settlements with Equifax over inaccurate credit reporting, requiring both monetary payments and new safeguards to protect consumers.

7.3 Staying informed is essential

In any major settlement, the specific rules, deadlines, and benefit amounts can be complex. Official websites and communications from agencies like the FTC and CFPB are critical sources of accurate updates.

Consumers should be cautious about relying on unofficial social media posts or third-party messages, which may be incomplete or inaccurate, and always confirm details using primary government or court-approved sources.

8. Frequently Asked Questions (FAQs)

Q1: Can I still file a claim in the Equifax data breach settlement?

No. Both the initial claim period (for credit monitoring or alternative cash payments) and the extended claim period (for out-of-pocket losses and time spent) have closed. The final deadline was January 22, 2024.

Q2: I filed a claim. When should I expect my payment?

Government and settlement sources indicate that payments for out-of-pocket losses, time spent, and other cash benefits are now being sent, including additional payments to some claimants. The exact timing depends on your claim type and how you chose to receive funds.

Q3: How will I receive my Equifax settlement payment?

Payments may come as paper checks, prepaid debit cards, or electronic transfers, depending on the options you selected and instructions from the settlement administrator. Many of the most recent distributions are prepaid cards sent by email.

Q4: How do I know if an email about the Equifax settlement is real?

The FTC lists the official email addresses used by the settlement administrator and warns consumers to ignore messages from other senders. To be safe, you can also navigate directly to the official settlement or government websites instead of clicking links in the message.

Q5: What if I never signed up for credit monitoring when it was offered?

The activation deadline for settlement-provided credit monitoring has passed. However, you can still protect yourself by using free annual credit reports, considering a credit freeze or fraud alert, and monitoring financial accounts regularly.

Q6: Does the settlement mean my data is now safe?

The settlement cannot erase the fact that sensitive information was exposed. Regulators emphasize that consumers should remain vigilant and use available tools like credit monitoring, freezes, and identity theft resources to reduce future risk.

References

  1. Equifax Data Breach Settlement — Federal Trade Commission. 2024-10-31. https://www.ftc.gov/enforcement/refunds/equifax-data-breach-settlement
  2. Equifax Data Breach Settlement: Home — Equifax Breach Settlement Official Site. 2024-01-23. https://www.equifaxbreachsettlement.com
  3. Key Dates – Equifax Data Breach Settlement — Equifax Breach Settlement Official Site. 2024-01-23. https://www.equifaxbreachsettlement.com/dates
  4. Equifax Data Breach Settlement — Consumer Financial Protection Bureau. 2024-11-15. https://www.consumerfinance.gov/equifax-settlement/
  5. Equifax Data Breach Settlement: Your Guide to 2025 Payments — Nolo. 2025-01-10. https://www.nolo.com/legal-updates/equifax-data-breach-settlement-how-to-get-compensation.html
  6. Equifax Statement on Court-Appointed Third-Party Settlement Administrator Distributing Final Payments in the Data Breach Settlement — Equifax. 2024-11-07. https://www.equifax.com/newsroom/all-news/-/story/equifax-statement-on-court-appointed-third-party-settlement-administrator-distributing-final-payments-in-the-data-breach-settlement/
  7. Attorney General James Secures $725,000 from Equifax for Harming Consumers Through Inaccurate Credit Scores — New York State Office of the Attorney General. 2025-02-03. https://ag.ny.gov/press-release/2025/attorney-general-james-secures-725000-equifax-harming-consumers-through
Sneha Tete
Sneha TeteBeauty & Lifestyle Writer
Sneha is a relationships and lifestyle writer with a strong foundation in applied linguistics and certified training in relationship coaching. She brings over five years of writing experience to waytolegal,  crafting thoughtful, research-driven content that empowers readers to build healthier relationships, boost emotional well-being, and embrace holistic living.

Read full bio of Sneha Tete