The saga over the 2017 Equifax data breach continues. Word is, the company has settled out of court for up to $700 million.
The saga over the Equiax data breach started clear back in 2017. At the time, it was reported that 145 million people were affected by a massive data breach. We picked up the story in early 2018 when the breach worsened. As has often happened so many times before, drips of information just kept pouring in, worsening the breach more and more with a report from March of last year adding an additional 2.4 million to the breach. In all, 147 million were affected.
Naturally, legal problems weren’t far behind these technical problems. In September of last year, UK authorities fined the company £500,000. While that sounds like a tiny wrap on the wrist in the grand scheme of things, the thing to remember is that the breach took place before GDPR took place. That fine is actually the highest authority could legally fine them for.
By May of this year, the Indiana Attorney General filed a lawsuit against Equifax over breaches of privacy.
Earlier this month, things took a rather unusual turn for a data breach story when an executive was handed a prison sentence in relation to the breach. The reason why he was handed the sentence is because the executive in question obtained knowledge of the breach, then withheld it from the public. He apparently took that time to research what happens with stock prices in the event of a breach, then sold off his shares to avoid liability. After that, he allowed the data breach story to go public. For his actions, he was fined and handed a prison sentence for what amounts to insider trading.
If you thought the saga was over after all of this, think again. According to CNBC, Equifax has now settled out of court to the tune of up to $700 million. From the report:
Credit-reporting company Equifax will pay up to $700 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information that affected around 147 million consumers, authorities said on Monday.
The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all state attorneys general. It also resolves pending class-action lawsuits against the company.
Equifax shares were up 1.2 percent at $138.88 in morning trading.
“This companys ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York state Attorney General Letitia James said in a statement.
Under the settlement, the company will pay a $175 million fine to the states and $100 million to the CFPB.
The company will also establish a $300 million restitution fund for harmed consumers which could climb to $425 million depending on how many customers use it. While roughly half of all Americans saw their information compromised, the restitution fund is only available to consumers who can show they suffered direct costs from the breach, either as victims of fraud or by setting up credit-monitoring services.
The report goes on to detail ho consumers directly affected by the breach can be eligible for up to 10 years of free credit monitoring.
While all of this does sting the company, it’s not exactly crippling. Still, it’s just the latest example that if large corporations decide to take that risk and go lax on security protocols, then there is a price to be paid if anything were to go south. This case clearly demonstrates that.
Whether or not this is the end of the story, time will only tell. Either way, this is no doubt a saga Equifax wishes they can finally leave behind.
Drew Wilson on Twitter: @icecube85 and Facebook.