Skip to main content

Statement by Kathy Kraninger at CFPB/FTC Equifax Settlement Press Conference

Thank you for joining us. Today’s global settlement is the result of a strong partnership between the Bureau, the Federal Trade Commission, and the states. I want to thank my federal and state colleagues for coordinating with us to investigate this important matter. The collaboration and professionalism demonstrated by the staff at the Federal and state level was truly extraordinary and I want to thank the staff for their hard work, including the Bureau staff who worked on this case: Jenelle Dennis, Emily Mintz Sachs, Solange Hilfinger-Pardo, Richa Dasgupta and John Wells.  

Credit reporting companies are entrusted with protecting the personal information of millions of consumers. Two years ago, the data breach at Equifax exposed the personal data of approximately 147 million American consumers. 

The Equifax data breach compromised names, Social Security numbers, birth dates and addresses, and for some, driver’s license numbers and credit card numbers. In short, the most sensitive personal information of these Americans.

In the days immediately following the announcement, more than 6,000 consumers contacted the Bureau with complaints about the breach and the Equifax response. 

The Bureau, along with the FTC and our state partners, launched an investigation into how the Equifax breach happened and how the company responded. After a 20-month investigation, we alleged that Equifax, through unfair and deceptive practices, broke the law both before and after the breach. 

This joint investigation led to today’s global settlement, which includes up to $700 million in monetary relief and penalties. 

Through the Bureau’s actions, up to $425 million will be available to consumers for the time and money they spent to protect themselves from the very real threat of identity theft, to reimburse them for actual identity theft caused by the breach, and to pay for credit monitoring services for consumers and compensation for their losses.

If you are a consumer who was impacted by the breach, let me provide you with some specifics on how this global settlement will deliver relief. 

If after the breach was announced you spent time addressing an identity-theft incident or taking steps to secure your personal information, you may apply to receive compensation for that time. If after the breach announcement, you spent money purchasing credit monitoring or identity-theft protection, placing or lifting security freezes, or have unreimbursed costs associated with identity theft, you may apply to receive reimbursements for the money you spent. 

And if you had Equifax credit monitoring or identity protection at any time between September 7, 2016 and September 7, 2017, you may apply to receive back up to 25 percent of the cost you paid to Equifax. 

Additionally, consumers affected by the breach will be provided with tools to protect themselves against identity theft for four years, including free three-bureau credit monitoring and $1 million in identity-theft insurance provided through a third party. Those who purchase their own credit monitoring through a different provider can still apply to receive up to $125 to defray the cost.  Additionally, starting on December 31, 2019 and extending 7 years, all U.S. consumers may request up to six free copies of their Equifax credit report during any 12-month period.  These free copies will be provided to the requesting consumers in addition to any free reports to which they are already entitled under federal law.

We encourage consumers impacted by the breach to visit for more information about when and how to submit their claims in order to receive free credit monitoring or cash reimbursements. If the court approves the settlement, Consumers will be able to submit a claim either online or by mail. Consumers can also seek information on the CFPB website or from our government partners in the investigation.

Finally, the Bureau fined Equifax $100 million, and will hold Equifax to its requirements under the order to beef up its information-security practices. These are strong measures that send a powerful message about responsibility to those entrusted with private consumer information.

Today’s announcement is not the end of our efforts to make sure consumers’ sensitive personal information is safe and secure. The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield personal information. 

Too much is at stake for the financial security of the American people to make these protections anything less than a top priority. 

Thank you again for being here with us today. I’ll now turn it over to Maryland State Attorney General Brian Frosh. 

The Consumer Financial Protection Bureau is a 21st century agency that implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive. For more information, visit