Equifax Fined Up to $700 Million Due to Data Breach
Nearly two years after Equifax announced that a data breach had exposed the information of approximately 147 million customers, the credit bureau has reached a settlement deal. This morning the Federal Trade Commission (FTC) announced that Equifax had agreed to pay at least $575 million and as much as $700 million to those impacted by the hack.
According to the FTC’s complaint, Equifax did not take reasonable steps to secure the data stored on its network. As a result an estimated 147 million Americans had their data exposed, including names, birthdates, social security numbers, and more. With this sensitive information, bad actors could steal individuals’ identities, opening new accounts in their name and more.
In the fallout from the hack, legislators have made it easier for consumers to protect themselves from identity theft, including mandating free credit report freezes. Now, as part of the settlement, Equifax will begin providing customers with six free credit reports each year. These half-dozen reports will be in addition to the ones that Equifax, TransUnion, and Experian are each required to offer on AnnualCreditReport.com. This new six-report policy will begin in January 2020 and run for seven years.
As for the money, $300 million will be used to offer credit monitoring services to those impacted by the breach as well as compensate damages incurred from the hack. This figure could rise by up to $125 million if needed. Additionally $175 million will go to 48 states as well as the District of Columbia and Puerto Rico while $100 million will be collected as a Consumer Financial Protection Bureau civil penalty.
Announcing the settlement with Equifax, FTC chairman Joe Simons said, “Companies that profit from personal information have an extra responsibility to protect and secure that data. Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.” However Consumer Financial Protection Bureau Director Kathleen L. Kraninger noted, “Today’s announcement is not the end of our efforts to make sure consumers’ sensitive personal information is safe and secure. The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.”
While this settlement with Equifax won’t fix all of the problems or quell all of the fears that consumers are now subject to, it is a welcomed start. Still, consumers must continue to take actions to protect themselves, including monitoring their credit and considering freezes. For more information on the settlement and how to claim compensation, visit FTC.com/Equifax.