Equifax to pay $671M to settle massive 2017 data breach mess

Equifax has officially reached a settlement for its well-publicized 2017 data breach. The breach allowed hackers to access 145.5 million U.S. Equifax customers’ personal data, data that included their full names, Social Security numbers, birth dates, addresses, and driver license numbers.

According to an Equifax news release, the company agreed to the following terms in the settlement:

The $671 million resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).

If approved by the Court, a consumer restitution fund of up to $425 million will be available to pay for three-bureau credit monitoring for consumers whose information was impacted in the 2017 breach, actual out-of-pocket losses related to the breach, and other consumer benefits such as identity restoration services.

In the news release, Equifax was adamant about its commitment to protecting its customers from further attacks. Whether this proves to be a true statement or not remains to be seen, but the hefty payout is likely all the incentive they need to practice better cybersecurity methods. There are countless other targets of cybercriminals in the financial sector, and it would be wise for other companies to take note of Equifax’s mistakes.

A statement from Kathleen L. Kraninger, director of the U.S. Consumer Financial Protection Bureau, about this settlement underscored this very point. In the announcement on the Federal Trade Commission’s official website, Kraninger chastised Equifax for its negligence and also warned other companies in this quoted excerpt:

The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.

The reality of this situation is that based on past history of corporate cybersecurity incidents, another Equifax-level breach will happen again someday. Consumers must be proactive in always being aware of what entities possess their data, and more importantly, never trust that a company can truly protect them from hackers looking for private data.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Microsoft 365 administration: Configure your admin portal

Microsoft 365 is loaded with configurations, policies, and settings—some obvious, some buried. This Microsoft 365…

11 hours ago

Using Group Policy settings to enforce PowerShell execution policies

Setting PowerShell execution policies at the Group Policy level can greatly enhance your organization’s security.…

18 hours ago

Exchange 2013/2016/2019: Configure your receive connectors correctly

Ah, the good old days — when Exchange 2010 was king. But with each new…

2 days ago

CCPA and GDPR: Similarities and differences you must know

The GDPR and the CCPA are both aimed at protecting privacy. Although many similarities exist…

2 days ago

How to manage and automate Azure DevOps using Azure CLI

Azure DevOps is fast becoming the next big thing. This Azure DevOps Quick Tip shows…

4 days ago