Reuters reported that today the US regulatory authorities announced the credit agency Equifax will pay $650 million for a large-scale data breach in 2017. The applicants are the US Federal Trade Commission (FTC) and other regulatory agencies.
In its turn, Equifax confirmed in September 2017 that hackers used the unrepaired Apache Struts vulnerability in their system to launch an attack. As a result, the hackers stole credit history of 143 million users. The date includes name, social security number, date of birth, address, and drivers’ license number. Apart from this, analysts think credit card details of approximately 209,000 consumers in the United States and dispute documents involving 182,000 people may also be gone to the hands of intruders.
As for today, the credit company announced a settlement with US regulators. The settlement of the largest data breach in history will end the FTC, Consumer Financial Protection Committee (CFPB) and almost all state attorneys’ investigations of Equifax. Also, the pending class action against the company will also be resolved.
New York State Attorney General Letitia James said in a statement: ‘This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population.’
How Much Will Equifax Pay?
Under the settlement agreement, the company will set up a $300 million compensation fund for injured consumers. Depending on usage, the fund may climb to $425 million. Consumers eligible for the fund must prove that they are victims or have established credit monitoring services after the incident. Equifax will pay a fine of $175 million to states and $50 million to CFPB.
Affected consumers will also be eligible for 10 years of free credit monitoring from Equifax. Equifax also agreed to make it easier for consumers to freeze their credit or to dispute inaccurate information in credit reports. Finally, Equifax also agreed to strengthen its security measures and allow third parties to regularly evaluate their policies.