Equifax to pay $671M to settle massive 2017 data breach mess

Equifax has officially reached a settlement for its well-publicized 2017 data breach. The breach allowed hackers to access 145.5 million U.S. Equifax customers’ personal data, data that included their full names, Social Security numbers, birth dates, addresses, and driver license numbers.

According to an Equifax news release, the company agreed to the following terms in the settlement:

The $671 million resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).

If approved by the Court, a consumer restitution fund of up to $425 million will be available to pay for three-bureau credit monitoring for consumers whose information was impacted in the 2017 breach, actual out-of-pocket losses related to the breach, and other consumer benefits such as identity restoration services.

In the news release, Equifax was adamant about its commitment to protecting its customers from further attacks. Whether this proves to be a true statement or not remains to be seen, but the hefty payout is likely all the incentive they need to practice better cybersecurity methods. There are countless other targets of cybercriminals in the financial sector, and it would be wise for other companies to take note of Equifax’s mistakes.

A statement from Kathleen L. Kraninger, director of the U.S. Consumer Financial Protection Bureau, about this settlement underscored this very point. In the announcement on the Federal Trade Commission’s official website, Kraninger chastised Equifax for its negligence and also warned other companies in this quoted excerpt:

The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.

The reality of this situation is that based on past history of corporate cybersecurity incidents, another Equifax-level breach will happen again someday. Consumers must be proactive in always being aware of what entities possess their data, and more importantly, never trust that a company can truly protect them from hackers looking for private data.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Find what you need: Using PowerShell to parse Windows log files

There’s a lot of information in log files. Maybe too much information. Use PowerShell to…

13 hours ago

How to quickly check the status of all your Azure services

Error messages don’t always tell you what caused the problem with Azure.. Azure services status…

16 hours ago

Future-proofing operations with AI-powered predictive analytics

Is your organization faced with making tough decisions about staffing, remote work, and other matters?…

19 hours ago

3 startups leveraging the power of AI to modernize enterprises

With artificial intelligence, there’s no looking back. And these forward-looking startups are at the leading…

2 days ago

Mental health patients blackmailed following major hack in Finland

There are fewer things more evil than blackmailing patients of a psychotherapy clinic. But this…

2 days ago

Attracting IT pros with great tech talent in the time of COVID-19

COVID-19 has forced many to shelter-in-place — including IT pros who might otherwise look for…

2 days ago