Equifax, a credit reporting bureau, will pay up to $700 million in fines and monetary relief to their consumers after a 2017 data breach.
What We Know:
- The Federal Trade Commission alleges that Equifax “failed to patch its network after being alerted in March 2017 to a critical security vulnerability” and that the company didn’t discover that its database was unpatched until four months later, when it detected suspicious traffic on its network, leaving it vulnerable to hackers.
- Affecting over 150 million people, the settlement was announced by the company Monday. There was a GIANT invasion of privacy with this breach — releasing millions of people’s information like Social Security numbers, driver’s license numbers, and even addresses. This made them easier to be accessed.
- Under the settlement, affected consumers will be eligible for free credit monitoring. Consumers who already have these services for at least six months can request a $125 cash payment. According to the FTC, Equifax will also be providing their customers with “six free credit reports each year for seven years” starting next January. This is in addition to the free annual credit reports that Equifax already provides.
- Consumer Financial Protection Bureau Director Kathleen Kraninger said the settlement will also include $425 million to cover the “time and money [people affected by the breach] spent to protect themselves from potential threats of identity theft or addressing incidents of identity theft as a result of the breach.”
- The company also agreed to pay up $175 million to the 48 states involved (including the District of Columbia and Puerto Rico) as well as $100 million to the CFPB in civil penalties.
- Consumers can also qualify for cash payments of up to $20,000 for the misuse of their personal information and for taking preventative steps such as placing or removing security freezes.
- Some groups think the settlement was not as strong as it could be. For example, the U.S. Public Interest Research Group said in a statement that “the shelf life of financial DNA is forever so this sounds like a sweetheart deal for a company that failed to do its basic job: protect consumer data.”
- However, some groups think that this was the right step to take like Justin Brookman, Director of Privacy and Technology Policy for Consumer Reports. In Brookman;s opinion, the FTC was able to make Equifax “spend a fair amount of money as far as improving security, paying for credit monitoring, and reimbursing consumers for their expenses.”
Overall, at least the consumers can get some kind of justice.