Those revelations set off a political outcry that led to the departure of several top company officials, including chief executive officer Richard Smith, who was also grilled in a Congressional hearing.
Several other Equifax executives have been charged with insider training, and two pleaded guilty. A recent company filing revealed Equifax has spent about $1.25 billion to shore up its network, and set aside about $700 million to cover litigation and fines.
Carr and other state attorneys general led an investigation that found Equifax failed to update critical vulnerabilities in its software and did not properly replace systems that monitored the network for suspicious activity. It’s still not clear who stole the data, which affected nearly half of all adult Americans.
RELATED: A year after data breach, Atlanta-based Equifax unbowed
As part of the settlement, Equifax agreed to make it easier for consumers to freeze and thaw their credit, hire more staff to help people who are victims of identity theft, reorganize its data security team, minimize its use of sensitive data and overhaul its cybersecurity policies.
The company, one of the nation's three main credit-reporting agencies, also must offer people whose data was swiped credit monitoring services for 10 years. Consumers can sign up for details on the service here.
The settlement comes as the new chief executive, Mark Begor, has tried to improve the company’s reputation and boost its security. He’s touted the firm’s “strong progress” on bolstering its IT network.
Carr called it a “fair and appropriate settlement, ensuring substantial consumer relief and requiring the implementation of robust security measures to protect against future exposure of consumers’ private data.”