Equifax has agreed to pay a record $650 million to settle federal and state probes into a massive 2017 data breach.
The settlement is the largest enforcement action taken against a data breach in U.S. history.
The breach compromised the personal information of more than 140 million people, including 2.5 million Coloradans.
An FTC investigation found Equifax failed to secure your personal information, even after discovering vulnerability in their software.
In addition, Equifax failed to monitor the breached system which allowed the hack to go undetected for more than two months.
"When sensitive information is exposed and misused, it can cause devastating harm to consumers," FTC Chairman Joseph Simmons said. "Companies must take seriously their duty to protect consumers information."
At least $300 million of the $650 million settlement will go to victims who file claims showing they were financially harmed. Those victims are also eligible for free credit monitoring and identity theft restoration services.
"I hope this case sends a message that it doesn't pay to under-invest in data security," said Maneesha Mithal, the FTC Division of Privacy and Identity Protection Director.
According to a press release from the Colorado Attorney General's Office, our state will receive $3.16 million.
That money will be earmarked toward consumer protection efforts, including enhanced enforcement and education efforts in the data privacy and security arena, the release said.
Consumers will be able to check their eligibility of filing a claim on the Equifax Settlement Breach online registry. To receive email updates regarding the launch of this online registry, click here.
Eligible consumers will be able to submit their settlement claim here.
"Equifax acted recklessly by failing to take reasonable steps to protect consumer information they collected and stored. As one of the country's largest credit bureaus, Equifax collected and monetized highly sensitive information about all Coloradans. Equifax's failure to protect that information is a clear violation of the Colorado Consumer Protection Act. This historic settlement sends a clear message that all businesses that collect and store confidential consumer information will be held responsible for how they protect-or fail to protect-that information," said Weiser.