Equifax has agreed to a settlement over its 2017 data breach that saw as many as 147 million people’s personal information, including names, birth dates, addresses, and social security numbers, exposed by the company. Taken from The Verge news article,
As part of the settlement, the company will pay at least $575 million, but this could rise to as much as $700 million depending on the amount of compensation people claim. The company has agreed to provide free credit monitoring services to anyone affected for up to 10 years, as well as cash payments of up to $20,000 per person to refund any costs incurred as a result of the breach.
“Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers,” said FTC Chairman Joe Simons, “This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
“This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York Attorney General Letitia James added in a statement to Reuters. The breach, which has been called one of the worst in US history, was disclosed in September 2017 after Equifax failed to patch a vulnerability it was made aware of in March that year. Although its security team initially ordered for the vulnerability to be patched, it never followed up to make sure this had actually happened. The company’s former CEO later blamed a single employee for the oversight. The continued existence of the vulnerability allowed hackers to access Equifax’s servers where they obtained an administrator’s credentials stored in plain text. That gave them continuous access to steal the personal information of millions of people over the course of months.