Equifax Data Breach: Four Charged, Company Expected to Pay $100 Million Drew Wilson | February 18, 2020 The Justice Department has charged 4 Chinese hackers over the data breach. This as Equifax faces paying an additional $100 million. It’s been a long road for Equifax with regards to the data breach. The breach saw executive’s facing jail time, a settlement of $700 million, controversy over the settlements for victims, and fines in the UK. Roughly 145 million people were affected by the breach and it seems that the story we first brought you in February of 2018 is only continuing. Recently, the US Justice Department have charged 4 Chinese hackers over the breach. The indictment in question contains 9 charges. From TechCrunch: The nine-charge indictment was announced Monday against Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. The Justice Department said the four work for the Chinese People’s Liberation Army. The hackers are said to be part of the APT10 group, a notorious Beijing-backed hacking group that was previously blamed for hacking into dozens of major U.S. companies and government systems, including HPE, IBM and NASA’s Jet Propulsion Laboratory. Attorney general William Barr said it was the latest in a long line of cyberattacks launched by China, which also included the targeting of health insurance giant Anthem, the Marriott Starwood hotel breach and the U.S. Office of Personnel Management. “This is the largest theft of sensitive personal identifiable information by state-sponsored hackers ever recorded,” said FBI deputy director David Bowdich, at a presser in Washington, DC. “Today, we hold [the Chinese military] hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us,” said Barr. In a separate report, Equifax has admitted that they will be earmarking an additional $100 million to pay for more of the fallout of the data breach. The additional funding is supposed to, in part, help pay for the offered cash settlements. From HousingWire: In fact, the credit reporting agency disclosed this week that it expects to pay out an additional $100 million for its role in the breach. Last year, the company set aside then agreed to pay out nearly $700 million to settle numerous federal and state investigations. But the company revealed this week in its fourth-quarter earnings report that it set aside another $99.6 million in the fourth quarter for “certain legal proceedings and government investigations related to the 2017 cybersecurity incident.” According to the company, it believes this accrual will cover the remainder of its expected payouts for the breach. More specifically, the company said it “represents completed settlements and our best estimate of remaining liabilities for the U.S. matters related to the 2017 cybersecurity incident.” All in all, the company set aside just over $800 million for breach-related payouts in 2019, which does not include the company’s legal or professional services expenses. The article goes on to say that the breach has cost Equifax $1.14 billion in 2019. This includes increasing the security to try and prevent future incidences like this from happening again. All we’re left with wondering is if this long and winding road will ever end. We are now three years into this story (counting the time it took to disclose the breach in the first place) and we are still seeing fallout from this story. This is all because the company simply failed to properly secure their information. Since it housed so much data in the first place, of course all eyes are on this story. In a way, seeing this, it’s kind of remarkable that some companies would still shrug at the idea of security and think that “it will never happen to me”. Drew Wilson on Twitter: @icecube85 and Facebook.