Equifax could pay $700m in data breach deal

Credit reporting agency Equifax has agreed to pay up to $700 million to settle with the Federal Trade Commission (FTC) over a 2017 data breach which left the details of up to 150 million people exposed.

The deal reached with the US regulator, which will involve at least $575 million, will register as the largest ever payout to the FTC to settle a data breach case, following the $148 million paid by Uber last year.

The settlement includes $300 million fund towards costs incurred by the victims for identity theft services and other related expanses following the breach, rising to $425 million if needed.

The fund will also compensate consumers who bought credit or identity monitoring services from Equifax and paid other out-of-pocket expenses as a result of the 2017 data breach.

The rest of the money ($275 million) will split between the US Federal Trade Commission, the Consumer Financial Protection Bureau, and 48 US states and territories.

The breach occurred as hackers accessed the personal information, including social security numbers and home addresses of nearly 148 million people, from Equifax servers in an attack from May to July 2017.

The company was fined £500,000 in September last year by the Information Commissioner’s Office (ICO) after the data of 15 million Britons was left exposed in the breach.

The data breach occurred between 13 May and 30 July 2017 and affected information belonging to 146 million people worldwide.

The FTC complaint alleged that the credit reporting company’s failure to take reasonable steps to secure its network led to the data breach, and further alleged that Equifax failed to patch its network after being alerted to a security breach in March 2017.

FTC chairman Joe Simons said: “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers – this settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

He added: “The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers.”

In addition to the monetary relief to consumers, Equifax is also required to implement a comprehensive information security program including:

• Designating an employee to oversee the information security program;

• Conducting annual assessments of internal and external security risks and implementing safeguards to address potential risks, such as patch management and security remediation policies, network intrusion mechanisms, and other protections;

• Obtaining annual certifications from the Equifax board of directors or relevant subcommittee attesting that the company has complied with the order, including its information security requirements;

• Testing and monitoring the effectiveness of the security safeguards; and

• Ensuring service providers that access personal information stored by Equifax also implement adequate safeguards to protect such data.

    Share Story:

Recent Stories

The Future of Intelligent Finance
FStech Group Editor Mark Evans sits down with Jason Cao, President of Global Financial Services Business Unit, Enterprise BG at Huawei ahead of its Intelligent Finance Summit which was held on 3rd and 4th of June in Shanghai. This Q&A delves into key trends in digital transformation of the financial services industry as well as a look at how data, robotic infrastructure, intelligent storage and innovative technologies are shaping the future for FSIs.

The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.