Equifax exposed 150 million Americans' personal data. Now it will pay up to $700 million

Article Image

Credit reporting agency Equifax has reached a deal to pay up to $700 million to state and federal regulators to settle probes stemming from a data breach tha...

Posted: Jul 23, 2019 3:55 AM
Updated: Jul 23, 2019 3:59 AM

Credit reporting agency Equifax has reached a deal to pay up to $700 million to state and federal regulators to settle probes stemming from a data breach that exposed the personal information of nearly 150 million people. It will be the largest settlement ever paid for a data breach.

The Federal Trade Commission announced Monday that Equifax will pay at least $300 million and as much as $425 million to compensate affected people with credit monitoring services. That money will go into a fund that will also reimburse people who purchased credit- or identity-monitoring services because of the 2017 data breach. The amount of the settlement could change depending on the number of claims still to be filed by consumers.

Equifax will also pay $275 million in civil penalties and other compensation to 48 states, Washington, Puerto Rico and the Consumer Financial Protection Bureau.

The deal also requires more changes to how Equifax handles private user data. For example, the company will have to adjust its information security protocols, including annual assessments of security risks and receiving the board's certification attesting that the company has complied with the FTC's order.

The FTC alleges Equifax violated the agency's prohibition against unfair and deceptive practices. The FTC said Equifax failed to properly safeguard peoples' personal information despite claiming in its privacy policy that it implemented "reasonable physical, technical and procedural safeguards" to protect their data.

"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons in a statement. "Equifax failed to take basic steps that may have prevented the breach."

The hack, the largest in US history, exposed sensitive information, including names, Social Security numbers, drivers' license numbers and addresses.

Equifax did not respond to CNN Business' request for comment.

Equifax first disclosed the hack in September 2017, three months after the company discovered the breach.

Hackers leveraged a security flaw in a tool designed to build web applications to steal customer data. Equifax admitted it was aware of the security flaw a full two months before the company says hackers first accessed its data.

The data breach prompted the resignation of CEO Richard Smith and investigations by federal regulators, multiple states attorneys general and the company faces a number of civil lawsuits.

Article Comments

Medford
Overcast
49° wxIcon
Hi: 57° Lo: 44°
Feels Like: 49°
Brookings
Overcast
55° wxIcon
Hi: 57° Lo: 49°
Feels Like: 55°
Crater Lake
Overcast
44° wxIcon
Hi: 50° Lo: 35°
Feels Like: 41°
Grants Pass
Overcast
52° wxIcon
Hi: 60° Lo: 48°
Feels Like: 52°
Klamath Falls
Overcast
44° wxIcon
Hi: 50° Lo: 32°
Feels Like: 41°
Spotty Sunday Showers
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events

Latest Video

Image

National Drug Take Back Day

Image

Sunday, October 20 morning weather

Image

Southern Oregon gets past Eastern Oregon for third straight win

Image

Oregon State eclipses 2018 win total

Image

Oregon knocks off rival Washington

Image

Mass Casualty Incident Drill

Image

Saturday, October 19 morning weather

Image

Friday Night Blitz: Week 7 scores and highlights

Image

Eagle Point High School welcomes new sparrow

Image

Friday, October 18th Evening Weather