Equifax Agrees to $700 Million Settlement After Huge Hacking Incident Hit Consumers
WASHINGTON – Credit reporting giant Equifax Inc. signed a settlement Monday in which it agreed to pay as much as $700 million to resolve government and consumer complaints resulting from a data breach that exposed the personal financial information of most of the U.S. adult population.
The settlement follows investigations by the Federal Trade Commission, Consumer Financial Protection Bureau and all 50 state attorneys general. Consumers filed thousands of private lawsuits that were consolidated into a class action.
The agreement with the Federal Trade Commission awaits approval by a judge in the U.S. District Court for the Northern District of Georgia, where the case is pending.
“This settlement requires that the company take steps to improve its data security going forward and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud,” Federal Trade Commission Chairman Joe Simons said in a statement.
The Federal Trade Commission blamed much of the heavy penalty on Equifax’s negligence in failing to fix a known security hazard.
A security flaw in the company’s Apache Struts program was detected by engineers but continued for two months before the 2017 data breach, despite the availability of a software patch, the Federal Trade Commission reported.
A hacker who exploited the flaw then was able to steal records of more than 146 million users by gaining access to the Equifax system.
The breached information included Social Security numbers, names, birth dates, phone numbers, email addresses and drivers license records. The hackers also accessed 209,000 payment card numbers and expiration dates.
The Federal Trade Commission reported that Equifax stored many network credentials, passwords and Social Security numbers in plain text files where they were easily susceptible to cybercrime.
The agreement would allocate about $300 million for consumers affected by the data breach. Another $100 million would be paid to the Consumer Financial Protection Bureau for civil penalties. All 50 states, the District of Columbia and Puerto Rico would share $175 million of the compensation, Equifax said in a press release.
The company agreed to an additional $125 million payment if more than seven million
consumers file claims showing the original amount of compensation was inadequate.
Other parts of the agreement would give all U.S. consumers six free credit reports per year for seven years. Equifax also agreed to annual tests of its cybersecurity, to add more safeguards to its computers and to certify its compliance annually with the consent agreement.
The damage to the company goes far beyond the enormous penalties in the settlement agreement.
Equifax’s chief executive was forced into resignation, two of its top executives received prison sentences for insider trading, its credit rating suffered and legal fees reached into millions of dollars. The company spent millions more trying to strengthen its cybersecurity.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics and technology company,” Equifax Chief Executive Officer Mark W. Begor said in a statement.
Consumers who can prove they spent time trying to correct problems created by the data
breach can receive compensation as high as $20,000 per person. The compensation would be calculated at $25 per hour up to 20 hours.
The claims process is scheduled to open after court approval of the settlement. More information can be found on the Federal Trade Commission website at https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement
In The News
In The News
WASHINGTON — The rise in profit-driven cyberattacks has prompted Senate Select Committee on Intelligence Chairman Mark Warner, D-Va., to contemplate a mandatory reporting bill so law enforcement can promptly take action on urgent threats. Warner told Axios recently that he anticipates broad support for such upcoming... Read More
Researchers from the Guangzhou Women and Children's Medical Center in China published a study this week in the medical journal Development, offering new insight into preventing infertility in men. Currently, at least 30 million men worldwide are infertile, and one in seven couples are considered clinically... Read More
WASHINGTON - As Congress edges closer to putting a final infrastructure bill on President Joe Biden’s desk, it looks like lawmakers and the White House are aligned in their commitment to bolster U.S. cybersecurity through increased federal investment, focusing on prevention and utilizing public-private partnerships to... Read More
NEW ORLEANS (AP) — The Biden administration's suspension of new oil and gas leases on federal land and water was blocked Tuesday by a federal judge in Louisiana who ordered that plans continue for lease sales that were delayed for the Gulf of Mexico and Alaska... Read More
The U.S. Education Department said Wednesday it's erasing student debt for thousands of borrowers who attended a for-profit college chain that made exaggerated claims about its graduates' success in finding jobs. The Biden administration said it is approving 18,000 loan forgiveness claims from former students of... Read More
GENEVA (AP) — With stern expressions and polite words before the cameras, President Joe Biden and Russia's Vladimir Putin plunged into hours of face-to-face talks Wednesday at a lush lakeside Swiss mansion, a highly anticipated summit at a time when both leaders agree that relations between... Read More