In 2017, one of the nation’s three largest credit bureaus, Equifax, experienced a security breach that left the personal information – including names, birth dates and social security numbers – of 147 million Americans vulnerable. This included about 500,000 Rhode Islanders, or about half the state’s population.

The breach was, allegedly, the result of a total failure on Equifax’s part to secure their data. The Federal Trade Commission (FTC) alleges that even after being made aware of a severe vulnerability in March of 2017, Equifax failed to patch its security until that following July. In the time between, hackers were able to invade the network and access an unsecured file which contained login credentials for Equifax administrators stored in plain text format, giving them total access to databases filled with hundreds of millions of consumers’ personal data.

On Monday, the Rhode Island Attorney General’s office announced a proposed settlement between Equifax and the federal government worth up to $700 million in total fines and penalties.

Of that money, up to $425 million is being made available in order to pay restitution to those affected by the breach; $175 million is to be paid to individual states, Washington D.C. and Puerto Rico – with $1 million of that going to Rhode Island’s general fund – and another $100 million will go to the Consumer Financial Protection Bureau.

“This is an important win for consumers,” said Attorney General Peter F. Neronha in a release. “As sensitive data becomes more and more vulnerable to online hackers, the need for adequate security systems and privacy measures is paramount. Our office will continue to stand up for Rhode Island consumers.”

Here’s what you need to know.

Who is affected by the breach?

The obvious question for many people is how to find out if you’ve been compromised in the Equifax breach. Fortunately, an online tool provided by Equifax has provided an easy means to accomplish this.

You can go to eligibility.equifaxbreachsettlement.com/en/eligibility and enter your last name and last six digits of your social security number, and the site will inform you as to whether or not you are one of the unlucky half of the country’s population that was exposed. There is certainly a healthy amount of irony behind submitting more personal information to Equifax to assess whether or not they mishandled your personal information, but that is unfortunately the only tool available that gives results immediately.

If you do not wish to enter your data, you should maintain a careful watch of your credit score and inspect credit card bills to ensure there are no suspicious changes or charges that have occurred within the last two years, and continue to keep a careful eye on them going forward.

What options are available if I’ve been compromised?

As part of the settlement, which received preliminary approval in federal court on Monday, Equifax will pay $300 million into a restitution fund intended to help make whole people who were affected by the breach. If this number is insufficient to do so, they will pay up to an additional $125 million for consumer recompense.

Those seeking restitution should contact the Attorney General’s Consumer Protection Unit at 401-274-4400 to add their e-mail address to a list to receive notification when the settlement has been approved. Once the settlement has been approved, consumers will be able to file a claim, which the AG’s office can also help with. You may also seek more information at RIAG.RI.gov to access frequently asked questions once the settlement is approved.

As far as what restitution options would be available to someone who was affected once the settlement is approved, there are multiple options:

1) Free credit monitoring or a small cash payment 

You may wish to receive up to four years of free, three-bureau credit monitoring through Experian, six years of free, one-bureau credit monitoring through Equifax or a one-time, $125 cash payment.

2) Cash payments up to $20,000

– For time spent remedying fraud encountered as a result of the breach, identity theft suffered or other misuse of personal data, or for reimbursement of purchasing credit monitoring services or freezing credit reports. You can be compensated for up to 20 hours of time spent remedying your credit at $25 per hour.

3) Free identity restoration services

– You can be eligible for at least seven years of free assisted identity restoration services to help remedy any form of identity fraud or theft that occurred as a result of the breach.

What is happening to prevent this from happening again?

Also as part of the settlement, Equifax must agree to terms to improve its security and accountability to consumers, including the following steps to assist consumers who are facing identity theft issues because of the breach:

• Making it easier for consumers to freeze and thaw their credit;
• Making it easier for consumers to dispute inaccurate information in credit reports; and
• Requiring Equifax to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft.

They must also strengthen security practices going forward by:

• Reorganizing its data security team;
• Minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
• Performing regular security monitoring, logging and testing;
• Employing improved access control and account management tools;
• Reorganizing and segmenting its network; and
• Reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.