US Credit-monitoring company Equifax would be paying up to $700 million to US regulators, states and consumers as a fine to settle lawsuits regarding 2017 massive data leak of personal information of about 147 million people. The record-breaking settlement amount could even go over $700 million.
The actions include a settlement with 50 US states and territories, the Federal Trade Commission, and the Consumer Financial Protection Bureau. Besides, the state of Indiana and Massachusetts have filed their own independent case against the company, and the company might pay to have to more depending on the breach in the two states.
The settlement finalised on Monday included $175 million monetary compensation for the states, a $100 million civil penalty, and $300 million compensation to consumers for damages over breach, and $125 million more in case of restitution if any. Besides, the company would also provide consumers with six free credit reports per year, in addition to the one which it already offers, for the next seven years.
In 2017, the company did not fix a security lag for over six weeks, which lead to data leak including theft of consumer identity, Social Security number, birth dates, addresses, driver license numbers, credit card numbers and in some cases, even information from passports.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said Federal Trade Commission Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach.”
The massive hack led to the immediate removal of Equifax’s then-CEO and many other executives.
The settlement which is one of the largest ever imposed still is considered insignificant to compensate for the leaked data which could be available on the internet for decades. “When you have 150 million people who are affected, this settlement is only really giving $2 or $3 per person,” says Marcus Christian, a cybersecurity-focused litigation partner at the firm Mayer Brown.
Equifax CEO Mark Begor said in a statement that the settlement “reinforces our commitment to putting consumers first and safeguarding their data.”