Equifax is set to pay a reported $700 million in fines and other monetary relief in order to settle a 2017 data breach that affected approximately 150 million people. While it awaits regulator approval in federal court, the proposed settlement was officially announced on Monday by not only the credit reporting company but also the Federal Trade Commission, the Consumer Financial Protection Bureau, the lower 48 states, and the District of Columbia, as well as Puerto Rico.
Apparently, the breach exposed consumer data including the likes of Social Security numbers, birth dates, and local addresses. In some, but not all, cases, driver’s license numbers may have also been exposed. Actually, the FTC alleges that Equifax “failed to patch its network after being alerted in March 2017 to a critical security vulnerability” and, furthermore, did not discover this oversight for at least four months; and only then it was because they detected suspicious traffic on their network.
According to CFPB Director Kathleen Kraninger, the $700 million figure includes $425 million to cover the “time and money spent [by those affected] to protect themselves from potential threats of identify theft or addressing incidents of identity theft as a result of the breach.”
In addition to this—what essentially counts as restitution—Equifax has also agreed to pay $175 to the states affected as well as $100 million to the CFPB, as civil penalties.
But on top of these fines, the FTC has instructed Equifax to increase the number of free credit reports available to all US consumers to six per year, for at least seven years. This is in addition to the free annual credit report that Equifax—along with the other two national credit reporting agencies (Experian and TransUnion)—currently offers.
As part of the announcement, the FTC notes, “Equifax failed to take basic steps that may have prevented the breach. This settlement requires that the company take steps to improve its data security.”
In response, Equifax appears quite cooperative, noting that the settlement is a “positive step for US consumers.” Accordingly, Chief Executive Officer Mark Begor comments the fund essentially reinforces the agency’s commitment to prioritizing consumer data while simultaneously reflecting their serious attention to solving the matter.