Equifax to pay $700 million for breach of 140 million Americans' data

Posted:
in General Discussion edited July 2019
Credit reporting agency Equifax has reached a deal to pay upwards of $700 million to state and federal regulators to settle probes related to a data breach that exposed personal information of over 140 million people.

Equifax to pay $700 million for 2017 data breach


In 2017, Equifax had admitted that hackers had gained access to personal information of 143 million Americans in a data breach. The 2017 Equifax data breach was the largest hack in US history.

Hackers had exploited a security flaw in a tool designed to build web applications. Equifax admitted that it had been aware of the flaw a full two months before hackers had accessed its data, and did nearly nothing to stop the intrusion.

The information stolen included names, birthdays, addresses, as well as driver's license and social security numbers. Those who purchased iPhones may have been affected, as Apple's U.S. loan partner for the iPhone Upgrade Program is Citizens Bank -- a company that has utilized Equifax in the past.

The Federal Trade Commission announced on Monday that Equifax will need to pay $300 million to $425 million to compensate people who used credit monitoring services. There is a cap on the fund, however, and when it is depleted, there will be no more payments doled out.

Additionally, Equifax will pay $275 million in penalties and compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. It isn't presently clear how the funds will be paid, however.

The US Federal Trade Commission declared that Equifax violated its prohibition against deceptive practices, failing to safeguard peoples' personal information despite claiming that it implemented "reasonable physical, technical and procedural safeguards."

"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach."

Equifax will also be required to change how they handle private user data. The company will have to adjust its information security protocols, implement annual assessments of security risks, and receive certification attesting that the company has complied with the FTC order.
«1

Comments

  • Reply 1 of 30
    That is not enough. That’s only $5 per American and this type of negligence can cause so much more financial issues for them. Then, the Americans that were impacted don’t even get the money.  

    Edit: Because math is hard. 
    edited July 2019 hodarStrangeDaysmac_dogjahbladeracerhomie3tadddysamoriabadmonkFedupwiththeBS
  • Reply 2 of 30
    hodarhodar Posts: 357member

    Essentially, you gathered personal, private and confidential information about the consumer - without their express permission; then you used sloppy housekeeping and allowed that data to be stolen.  The cost to individual consumers in time, money and personal security far outweighs the fine assessed by the Gov't.

    Lets START at $10,000 per customer, and see what additional security can be put in place with that type of fine.

    davgregStrangeDaysmac_dogjahbladejbdragonsdw2001dysamoriapscooter63cgWerksFedupwiththeBS
  • Reply 3 of 30
    mazda 3smazda 3s Posts: 1,613member
    WTF kinda of "settlement" is this? They get hit with $700 million for far more dangerous and life-impacting activities than Facebook's $5 billion fine. You voluntarily sign up for Facebook -- your credit history, SSN, etc. are mandatory requirements.
    mwhiteStrangeDaysfruitstandninjagatorguySpamSandwichmac_doganantksundaramjahblademld53ajbdragon
  • Reply 4 of 30
    mrboba1mrboba1 Posts: 276member
    That is not enough. That’s only $50 per American and this type of negligence can cause so much more financial issues for them. Then, the Americans that were impacted don’t even get the money.  
    Not $50 - it's 5 per person of this 140 million Americans.
    scottjdStrangeDaysfruitstandninjamac_dogjahbladejbdragonFedupwiththeBS
  • Reply 5 of 30
    scottjdscottjd Posts: 64member
    300 mill to 425 mill for 143 mill people affected, That’s a whole $2.10 to $3.03 per person, wow. Yea, that will help me monitor my credit that took years to build up a FICO score over 800 and affects my auto insurance costs and deposits on utilities. My credit that I now have to monitor for years since anyone who stole my info would wait 5 or 10 years before selling it. The info that would allow some to commit fraud as me, open fake accounts, even steal my ID or gain access to current accounts with the data stolen. $3 will defiantly save me, thanks. ——— Meanwhile 275 mill to 48 states, Washington, Puerto Rico, and consumer financial protection bureau get about 5.4 mill each based on fines. Seems the government and states benefit more from this. They better give me free legal services when I’m fighting to get my ID back and fix all the fraud charges committed against me. What am I saying......that won’t happen.
    edited July 2019 FedupwiththeBS
  • Reply 6 of 30
    StrangeDaysStrangeDays Posts: 12,834member
    Slap on the wrists. Pathetic showing from the administration. 
    dysamoriaFedupwiththeBS
  • Reply 7 of 30
    davgregdavgreg Posts: 1,036member
    I think we need to impose a corporate death penalty. Otherwise, Equifax should be liquidated and the funds distributed to the impacted parties- not the governments that will just waste it. Then go after the corporate officers responsible, making them responsible  for civil penalties related to negligence, gross incompetence, etc.

    Let that happen a time or two and corporate America will wake up. Right now they can digitally stalk you at will and sell the data for profit. In some cases they provide inaccurate data that can impact your ability to get a job, a promotion, secure credit, or even rent an apartment. When they screw up on this massive scale they are slapped lightly on the wrist.
    scottjdmld53adysamoriaFedupwiththeBS
  • Reply 8 of 30
    mrboba1 said:
    That is not enough. That’s only $50 per American and this type of negligence can cause so much more financial issues for them. Then, the Americans that were impacted don’t even get the money.  
    Not $50 - it's 5 per person of this 140 million Americans.
    Thanks. Missed a zero. 
  • Reply 9 of 30
    SpamSandwichSpamSandwich Posts: 33,407member
    What’s the real problem here? The Social Security number system, our complete reliance on it and the fact that it is used so cavalierly for every trivial interaction under the sun. The entire number system should be scrapped in favor of a random token number system like Apple’s Apple Pay.
    longpathpscooter63
  • Reply 10 of 30
    SpamSandwichSpamSandwich Posts: 33,407member
    mazda 3s said:
    WTF kinda of "settlement" is this? They get hit with $700 million for far more dangerous and life-impacting activities than Facebook's $5 billion fine. You voluntarily sign up for Facebook -- your credit history, SSN, etc. are mandatory requirements.
    I’m at the stage I’d like to voluntarily leave the Social Security program and get my life back. The entire system and our society’s over reliance on such a poorly conceived and protected number illustrates that a single point of failure ultimately fails every time.
    longpath
  • Reply 11 of 30
    seanismorrisseanismorris Posts: 1,624member
    Wow... $5 / person 

    Can’t really call that a slap on the wrist (Catholic style)... maybe an ear flick for a company that lacks ears.

    So, what did the executives get?  Must have taken a hit to their multimillion dollar executive salaries that year... no?

    It’s like if I’m at fault for causing an accident, but the county (where the accident took place) pays for the damages and medical bills...

    That will show me not to drive drunk, snorting a line, and fondling a prostitute at the same time...



    longpath
  • Reply 12 of 30
    MacProMacPro Posts: 19,718member
    and as already asked ... who gets the money?  Not those harmed.  Seems like a new lawsuit needs to be filed in the interest of consumers.
    anantksundaramStrangeDays
  • Reply 13 of 30
    flydogflydog Posts: 1,123member
    Another slap in the wrist. 

    Their quarterly revenue is nearly $1 billion, and they are required to pay $2.09 to $2.98 per person.


    StrangeDays
  • Reply 14 of 30
    mac_dogmac_dog Posts: 1,069member
    davgreg said:
    I think we need to impose a corporate death penalty. Otherwise, Equifax should be liquidated and the funds distributed to the impacted parties- not the governments that will just waste it. Then go after the corporate officers responsible, making them responsible  for civil penalties related to negligence, gross incompetence, etc.

    Let that happen a time or two and corporate America will wake up. Right now they can digitally stalk you at will and sell the data for profit. In some cases they provide inaccurate data that can impact your ability to get a job, a promotion, secure credit, or even rent an apartment. When they screw up on this massive scale they are slapped lightly on the wrist.
    You need to start voting in law makers that aren’t beholden to corporate interests in order for this to happen. I’m thinking the likes of Elizabeth warden and Bernie Sanders. And before anyone’s brain explodes, why is it so palatable to have a president who is a racist, a rapist, a narcissist, and a sociopath, compared to a democrat who believes that government should benefit everyone (not just corporate interests), whose policies just happen to be aligned with the policies of socialism? Apparently, elements of fascism and the third Reich  are 100% agreeable with America. And when I say that, I mean that people I know that hate trump are even more afraid of the likes of warren and sanders.

    So...either get get used to it or stop your complaining. Bcoz, quite frankly, the other side of the isle is 100% complicit in getting us to where we are today by serving up (regurgitating) corporate stooges like Hillary Clinton and Joe Biden as the only choices to ru(i)n this country. 
    edited July 2019 fruitstandninjamld53a
  • Reply 15 of 30
    SoliSoli Posts: 10,035member
    They make it seem like it's over and done with when your SSN and other info being out there can now be cause for an easy breach for the rest of your life. I think my credit is locked with the 4 biggest bureaus but I honestly don't know how secure that system is for obtaining credit under my name or if their servers are anymore secure than they were before the breach.
    edited July 2019
  • Reply 16 of 30
    SpamSandwichSpamSandwich Posts: 33,407member
    MacPro said:
    and as already asked ... who gets the money?  Not those harmed.  Seems like a new lawsuit needs to be filed in the interest of consumers.
    A class-action suit against the Federal government for failure to prevent the use of the SSN as a means of identifying Americans for every trivial and weakly protected purpose under the sun might be helpful.
    longpath
  • Reply 17 of 30
    longpathlongpath Posts: 393member
    I'm fairly certain it wasn't the government that was harmed by this; but it is the government getting paid for it. In what way does this fine make even one of the 140 million people impacted even a tiny bit better? Indeed, this is my fundamental issue with the criminal justice system: victim compensation isn't a part of it at all.
    mld53a
  • Reply 18 of 30
    SpamSandwichSpamSandwich Posts: 33,407member
    longpath said:
    I'm fairly certain it wasn't the government that was harmed by this; but it is the government getting paid for it. In what way does this fine make even one of the 140 million people impacted even a tiny bit better? Indeed, this is my fundamental issue with the criminal justice system: victim compensation isn't a part of it at all.
    Class-action suits mostly benefit the law firms filing, not those allegedly harmed.
    cgWerks
  • Reply 19 of 30
    jbdragonjbdragon Posts: 2,305member
    I have to lock up all 3 credit agency's of my Data. It's going to be a hassle if I have to get a lone and unlock them once again. That company has every little bit of info on you to get credit cards and take out loans, etc on you. You'll be spending a lot of hours and money trying to prove it wasn't you. Who gets this fine money? The Government!!! It doesn't do a single thing for you. All your personal info is still out there. The Government got another 700 million and this company got what was in effect a slap on the wrist.
  • Reply 20 of 30
    SpamSandwichSpamSandwich Posts: 33,407member
    jbdragon said:
    I have to lock up all 3 credit agency's of my Data. It's going to be a hassle if I have to get a lone and unlock them once again. That company has every little bit of info on you to get credit cards and take out loans, etc on you. You'll be spending a lot of hours and money trying to prove it wasn't you. Who gets this fine money? The Government!!! It doesn't do a single thing for you. All your personal info is still out there. The Government got another 700 million and this company got what was in effect a slap on the wrist.
    Note: There are a total of 4 credit reporting agencies. Experian, Equifax, TransUnion and Innovis. You’ll want to have accounts set up for each.
    gatorguy
Sign In or Register to comment.