Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Equifax to pay $700 million for breach of 140 million Americans' data

Last updated

Credit reporting agency Equifax has reached a deal to pay upwards of $700 million to state and federal regulators to settle probes related to a data breach that exposed personal information of over 140 million people.

In 2017, Equifax had admitted that hackers had gained access to personal information of 143 million Americans in a data breach. The 2017 Equifax data breach was the largest hack in US history.

Hackers had exploited a security flaw in a tool designed to build web applications. Equifax admitted that it had been aware of the flaw a full two months before hackers had accessed its data, and did nearly nothing to stop the intrusion.

The information stolen included names, birthdays, addresses, as well as driver's license and social security numbers. Those who purchased iPhones may have been affected, as Apple's U.S. loan partner for the iPhone Upgrade Program is Citizens Bank — a company that has utilized Equifax in the past.

The Federal Trade Commission announced on Monday that Equifax will need to pay $300 million to $425 million to compensate people who used credit monitoring services. There is a cap on the fund, however, and when it is depleted, there will be no more payments doled out.

Additionally, Equifax will pay $275 million in penalties and compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. It isn't presently clear how the funds will be paid, however.

The US Federal Trade Commission declared that Equifax violated its prohibition against deceptive practices, failing to safeguard peoples' personal information despite claiming that it implemented "reasonable physical, technical and procedural safeguards."

"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach."

Equifax will also be required to change how they handle private user data. The company will have to adjust its information security protocols, implement annual assessments of security risks, and receive certification attesting that the company has complied with the FTC order.



30 Comments

🕯️
fruitstandninja 11 Years · 104 comments

That is not enough. That’s only $5 per American and this type of negligence can cause so much more financial issues for them. Then, the Americans that were impacted don’t even get the money.  

Edit: Because math is hard. 

🌟
hodar 14 Years · 366 comments

Essentially, you gathered personal, private and confidential information about the consumer - without their express permission; then you used sloppy housekeeping and allowed that data to be stolen.  The cost to individual consumers in time, money and personal security far outweighs the fine assessed by the Gov't.

Lets START at $10,000 per customer, and see what additional security can be put in place with that type of fine.

mazda 3s 16 Years · 1598 comments

WTF kinda of "settlement" is this? They get hit with $700 million for far more dangerous and life-impacting activities than Facebook's $5 billion fine. You voluntarily sign up for Facebook -- your credit history, SSN, etc. are mandatory requirements.

🌟
mrboba1 13 Years · 274 comments

That is not enough. That’s only $50 per American and this type of negligence can cause so much more financial issues for them. Then, the Americans that were impacted don’t even get the money.  

Not $50 - it's 5 per person of this 140 million Americans.

🕯️
scottjd 11 Years · 64 comments

300 mill to 425 mill for 143 mill people affected, That’s a whole $2.10 to $3.03 per person, wow. Yea, that will help me monitor my credit that took years to build up a FICO score over 800 and affects my auto insurance costs and deposits on utilities. My credit that I now have to monitor for years since anyone who stole my info would wait 5 or 10 years before selling it. The info that would allow some to commit fraud as me, open fake accounts, even steal my ID or gain access to current accounts with the data stolen. $3 will defiantly save me, thanks. ——— Meanwhile 275 mill to 48 states, Washington, Puerto Rico, and consumer financial protection bureau get about 5.4 mill each based on fines. Seems the government and states benefit more from this. They better give me free legal services when I’m fighting to get my ID back and fix all the fraud charges committed against me. What am I saying......that won’t happen.