Very costly. Equifax reportedly to pay hundreds of millions of dollars for data breach settlement with US regulators
Credit checking specialist Equifax US Information Solutions is to pay an eye watering data breach settlement of around $700m to US regulators and US states.
The settlement figure will reportedly be paid to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general, the Wall Street Journal (WSJ) reported.
Earlier this month Jun Ying, the former Chief Information Officer CIO of Equifax was sentenced to four months in a federal prison for insider trading. He sold off his stock options before the 2017 data breach became public knowledge.
Equifax data breach
The highly damaging breach at Equifax first came to light back in September 2017. That breach resulted in the theft of the data belonging to 143 million US consumers (and 15.2 million British citizens).
Data stolen included names, addresses, social security numbers, and dates of birth.
What made the Equifax breach so damaging, was that the firm had discovered the breach back in July 2017 but waited 40 days before telling the world.
Even worse, Equifax’s IT team had known about the about the vulnerability exploited by the hackers as far back as March 2017, after a security researcher had warned the firm about its vulnerability to a cyberattack months before it actually suffered the breach.
This meant that there were personnel within Equifax’s senior management that knew of the breach long before the firm publicly declared the security incident.
And now according to the WSJ, Equifax is nearing a deal to settle multiple state and federal investigations that resulted from the breach.
According to people familiar with the matter, the settlement deal with regulators and US states, would also resolve a nationwide consumer class-action lawsuit.
The amount to be paid by Equifax could change depending on the number of claims eventually filed by consumers, and the WSJ added that the settlement could be announced as soon as Monday.
The fallout from the 2017 Equifax breach triggered multiple investigations across the world, and the credit monitoring firm was hauled up before the US Congress.
Former CEO Richard Smith faced a serious grilling from US Senators. This was after he had already retired from the firm after the breach became public.
Do you know all about security? Try our quiz!