Equifax has officially reached a settlement for its well-publicized 2017 data breach. The breach allowed hackers to access 145.5 million U.S. Equifax customers’ personal data, data that included their full names, Social Security numbers, birth dates, addresses, and driver license numbers.
According to an Equifax news release, the company agreed to the following terms in the settlement:
The $671 million resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).
If approved by the Court, a consumer restitution fund of up to $425 million will be available to pay for three-bureau credit monitoring for consumers whose information was impacted in the 2017 breach, actual out-of-pocket losses related to the breach, and other consumer benefits such as identity restoration services.
In the news release, Equifax was adamant about its commitment to protecting its customers from further attacks. Whether this proves to be a true statement or not remains to be seen, but the hefty payout is likely all the incentive they need to practice better cybersecurity methods. There are countless other targets of cybercriminals in the financial sector, and it would be wise for other companies to take note of Equifax’s mistakes.
A statement from Kathleen L. Kraninger, director of the U.S. Consumer Financial Protection Bureau, about this settlement underscored this very point. In the announcement on the Federal Trade Commission’s official website, Kraninger chastised Equifax for its negligence and also warned other companies in this quoted excerpt:
The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.
The reality of this situation is that based on past history of corporate cybersecurity incidents, another Equifax-level breach will happen again someday. Consumers must be proactive in always being aware of what entities possess their data, and more importantly, never trust that a company can truly protect them from hackers looking for private data.
Featured image: Shutterstock