equifax logo

Equifax Will Pay At Least $650 Million In Settlement Over 2017 Data Breach

The credit-reporting agency will pay at least $300 million to victims. But it may be difficult for consumers to prove direct losses from identity theft.

  • By Haley Samsel
  • Jul 23, 2019

Equifax, one of the country’s three major credit-reporting agencies, could pay over $700 million⁠—and will pay at least $650 million⁠—to settle federal, state and consumer lawsuits brought after the sensitive information of more than 147 million people was exposed in a data breach in 2017.

The settlement, which ends pending class-action lawsuits and investigations into the company by the Federal Trade Commission, state attorneys general and the Consumer Financial Protection Bureau, is the largest ever for a data breach. A court still needs to approve the terms of the settlement, The New York Times reported.

If the deal goes through, Equifax will pay $175 million in fines to all 50 states and $100 million to the CFPB, according to CNBC. From there, the company will establish a $380.5 million restitution fund for consumers affected by the breach. A portion of those funds will go to lawyers fees, but at least $300 million must go to victims of the incident, the Times reported.

Depending on how many people are able to demonstrate they were directly harmed by the breach, Equifax will be required to add up to $125 million to the fund and potentially pay over $500 million to consumers alone.

Since the breach was made public in September 2017, lawmakers and regulators have scrutinized Equifax for its slow response to the attack and lax security policies. As part of the deal, the company agreed to improve its security and have its policies evaluated regularly by an outside party. The hackers behind the cyber attack have still not been identified by law enforcement.

“We can be confident that a large number of the compromised users’ sensitive information from the Equifax breach is still actively in use in account takeover attacks,” Deepak Patel, a security evangelist with cybersecurity company PerimeterX, said. “Cybercriminals can combine data from different breaches - for example, name and address from one with the date of birth and password from another - to increase the success rate of credential stuffing.”

After a court order approves the settlement, consumers will be able to file for free credit monitoring and identity restoration services through an official website. In addition, people directly affected by the breach can submit documents showing the misuse of their personal information, their out-of-pocket losses and expenses related to credit or identity monitoring services. Equifax will pay up to $20,000 for those claims.

But it may be difficult to prove direct losses from identity theft, particularly because information stolen via the Equifax breach has never been found for sale on the dark web, according to CNBC. The New York Attorney General’s office said it will enforce a rule that allows Americans who have been the victim of identity theft from any breach after the Equifax incident to apply for out-of-pocket reimbursements.

In order to qualify, consumers will need a paper trail proving lost funds and time they spent filing disputes over the theft. The time spent dealing with the breach will be compensated at $25 per hour for up to 20 hours, CNBC reported.

“Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk,” Letitia James, the New York attorney general, said in a statement. “Now it’s time for the company to do what’s right and not only pay restitution to the millions of victims of their data breach, but also provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future.”

Massive corporate data breaches are now regular events around the world, and other companies are facing stiff penalties from government regulators. British Airways and Mariott International were recently hit with record fines under the General Data Protection Regulation law that went into effect in 2018.

“When the Equifax and British Airways breaches happened in 2017, it seemed like regulators would let them off easy with a slap on the wrist,” Patel said. “But the FTC and GDPR are imposing meaningful fines to hold these large corporations accountable for breaches involving sensitive user data.”

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3