After exposing the personal information of almost 150m consumers back in 2017, the credit reporting agency Equifax has reached a deal with US state and federal regulators in which it will pay $700m to settle probes into its data breach.
To date this is the largest settlement ever paid for a data breach and the company will pay to close multiple probes by the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB) and the state attorneys of 48 states.
New York Attorney General Letitia James explained in a statement why Equifax's settlement is so high, saying:
- 90 percent of data breaches are caused by human error
- The true cost of a data breach
- A third of businesses can't protect themselves from data breaches
“Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk. This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population. Now it’s time for the company to do what’s right and not only pay restitution to the millions of victims of their data breach, but also provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future.”
Under the settlement, Equifax will pay a $175m fine to the states and $100m to the CFPB. The company will also be required to establish a $300m restitution fund for consumers affected by the data breach which could end up being as high as $425m depending on how many people actually use it.
The 2017 data breach saw the information of almost half of US consumers compromised but the restitution fund will only be available to those who can prove they suffered direct costs as a result of the breach. This could be either as victims of fraud or from having to set up credit-monitoring services.
Consumers affected by the breach will be eligible for 10 years of free credit monitoring from Equifax and the company has also agreed to make it easier for consumers to freeze their credit or to dispute inaccurate information found in their credit reports.
Going forward, Equifax will strengthen its own security practices and its policies will be assessed regularly by a third party.
- We've also highlighted the best anti-malware software