Equifax to pay $700 million for breach of 140 million Americans' data
Credit reporting agency Equifax has reached a deal to pay upwards of $700 million to state and federal regulators to settle probes related to a data breach that exposed personal information of over 140 million people.
In 2017, Equifax had admitted that hackers had gained access to personal information of 143 million Americans in a data breach. The 2017 Equifax data breach was the largest hack in US history.
Hackers had exploited a security flaw in a tool designed to build web applications. Equifax admitted that it had been aware of the flaw a full two months before hackers had accessed its data, and did nearly nothing to stop the intrusion.
The information stolen included names, birthdays, addresses, as well as driver's license and social security numbers. Those who purchased iPhones may have been affected, as Apple's U.S. loan partner for the iPhone Upgrade Program is Citizens Bank -- a company that has utilized Equifax in the past.
The Federal Trade Commission announced on Monday that Equifax will need to pay $300 million to $425 million to compensate people who used credit monitoring services. There is a cap on the fund, however, and when it is depleted, there will be no more payments doled out.
Additionally, Equifax will pay $275 million in penalties and compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. It isn't presently clear how the funds will be paid, however.
The US Federal Trade Commission declared that Equifax violated its prohibition against deceptive practices, failing to safeguard peoples' personal information despite claiming that it implemented "reasonable physical, technical and procedural safeguards."
"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach."
Equifax will also be required to change how they handle private user data. The company will have to adjust its information security protocols, implement annual assessments of security risks, and receive certification attesting that the company has complied with the FTC order.
In 2017, Equifax had admitted that hackers had gained access to personal information of 143 million Americans in a data breach. The 2017 Equifax data breach was the largest hack in US history.
Hackers had exploited a security flaw in a tool designed to build web applications. Equifax admitted that it had been aware of the flaw a full two months before hackers had accessed its data, and did nearly nothing to stop the intrusion.
The information stolen included names, birthdays, addresses, as well as driver's license and social security numbers. Those who purchased iPhones may have been affected, as Apple's U.S. loan partner for the iPhone Upgrade Program is Citizens Bank -- a company that has utilized Equifax in the past.
The Federal Trade Commission announced on Monday that Equifax will need to pay $300 million to $425 million to compensate people who used credit monitoring services. There is a cap on the fund, however, and when it is depleted, there will be no more payments doled out.
Additionally, Equifax will pay $275 million in penalties and compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. It isn't presently clear how the funds will be paid, however.
The US Federal Trade Commission declared that Equifax violated its prohibition against deceptive practices, failing to safeguard peoples' personal information despite claiming that it implemented "reasonable physical, technical and procedural safeguards."
"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach."
Equifax will also be required to change how they handle private user data. The company will have to adjust its information security protocols, implement annual assessments of security risks, and receive certification attesting that the company has complied with the FTC order.
Comments
Essentially, you gathered personal, private and confidential information about the consumer - without their express permission; then you used sloppy housekeeping and allowed that data to be stolen. The cost to individual consumers in time, money and personal security far outweighs the fine assessed by the Gov't.
Lets START at $10,000 per customer, and see what additional security can be put in place with that type of fine.
Let that happen a time or two and corporate America will wake up. Right now they can digitally stalk you at will and sell the data for profit. In some cases they provide inaccurate data that can impact your ability to get a job, a promotion, secure credit, or even rent an apartment. When they screw up on this massive scale they are slapped lightly on the wrist.
Can’t really call that a slap on the wrist (Catholic style)... maybe an ear flick for a company that lacks ears.
So, what did the executives get? Must have taken a hit to their multimillion dollar executive salaries that year... no?
It’s like if I’m at fault for causing an accident, but the county (where the accident took place) pays for the damages and medical bills...
That will show me not to drive drunk, snorting a line, and fondling a prostitute at the same time...
Their quarterly revenue is nearly $1 billion, and they are required to pay $2.09 to $2.98 per person.
So...either get get used to it or stop your complaining. Bcoz, quite frankly, the other side of the isle is 100% complicit in getting us to where we are today by serving up (regurgitating) corporate stooges like Hillary Clinton and Joe Biden as the only choices to ru(i)n this country.