Credit reporting agency Equifax has reached a deal to pay up to $700 million to state and federal regulators to settle probes stemming from a data breach that exposed the personal information of nearly 150 million people. It will be the largest settlement ever paid for a data breach.
Funds from the settlement will go toward compensating consumers for the cost of the 2017 data breach, the Wall Street Journal and The New York Times reported Friday, citing people close to the matter.
The hack, the largest in US history, exposed sensitive information, including names, Social Security numbers, drivers’ license numbers and addresses.
The amount of the settlement could change depending on the number of claims still to be filed by consumers, the Journal said.
The deal with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general also requires more changes to how Equifax handles private user data, according to the reports. It could be announced as early as Monday.
Equifax did not respond to CNN Business’ request for comment.
Equifax first disclosed the hack in September 2017, three months after the company discovered the breach.
Hackers leveraged a security flaw in a tool designed to build web applications to steal customer data. Equifax admitted it was aware of the security flaw a full two months before the company says hackers first accessed its data.
It has said its damages exceeded $350 million.
The data breach prompted the resignation of CEO Richard Smith and investigations by federal regulators, multiple states attorneys general and the company faces a number of civil lawsuits.