Equifax has been told to pay $700 million in fines to settle the impending lawsuits, following a 2017 data breach.
The Federal Trade Commission argued that the credit score agency failed to make appropriate moves in order to protect its network from intruders. The 2017 data breach has seen personal data of 147 million people exposed, including names, dates of birth, social security numbers, credit card numbers and expiration dates.
Out of the entire sum, a portion (anywhere between $300m and $425m) will be used to pay for identity theft services and other customer-related expenses.
The remaining sum will be split among US states and the Consumer Financial Protection Bureau.
According to the BBC, this is the largest ever settlement the FTC has made, an infamous record previously held by Uber, when it paid $148 million last year.
"Equifax failed to take basic steps that may have prevented the breach," said the FTC's chairman Joe Simons. "This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud."
At the same time, the UK’s communications watchdog, the Information Commissioner’s Office, fined the company $622,000 for the damages done against its UK users, some 15 million of them.
Besides paying the fine, Equifax will also have to carry out its own annual audit of security risks, submit to an external security assessment every two years, and make sure that third parties, given access to personal data, also have proper protection.