Equifax to pay up to $700M over data breach

Equifax will pay $575 million in fines for the massive 2017 data breach that exposed sensitive information for 147 million people.

The sum is part of a settlement announced Monday morning with 50 U.S. attorneys general, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB).

The settlement requires Equifax to pay $300 million to a compensation fund for victims of the breach, and the company could end up paying an additional $125 million if the fund runs out, meaning it could pay as much as $700 million.

Equifax will also pay $175 million to a coalition of 50 states and territories, as well as $100 million to the CFPB.

“Equifax failed in its fundamental responsibility to safeguard consumers’ sensitive financial information,” Pennsylvania Attorney General Josh Shapiro (D) said in a statement. “Equifax knew that there were serious flaws in their system, but still they did not take appropriate steps to fix it. They left their system vulnerable to the biggest data breach in history and the financial futures of millions of Americans were put at risk–and it was entirely preventable.”

Attorneys general from 48 states, Washington, D.C., and Puerto Rico were involved in the settlement.

More than fines: The fines come nearly two years after Equifax first announced the breach in September 2017. Since then, the company has been dragged before Congress numerous times to explain its handling of the incident, which compromised Social Security numbers, names, dates of birth and home addresses.

The agreement outlined in the FTC’s complaint with a federal court in Georgia faults Equifax for failing to “provide reasonable security for the massive quantities of sensitive personal information stored within Defendant’s computer network.”

The settlement will require Equifax to implement a stronger cybersecurity program and submit to annual assessments of its protections. And starting in 2020 it will also have to provide consumers with six free credit reports a year for the next seven years.