The Equifax credit bureau is expected to pay around $650 million to settle federal and state investigations and consumer claims related to a data breach that exposed sensitive information belonging to 145 million people, according to two people familiar with the settlement talks. The breach, which Equifax revealed in September 2017, included Social Security and driver's license numbers and was one of the most severe exposures of American personal data. It drew widespread condemnation from lawmakers, law enforcement agencies and consumers. It also prompted the abrupt departure of Equifax's chief executive and sent the company's stock price tumbling, though it has made up most of its losses.
Attackers siphoned data out of Equifax's computer systems over the course of months through a known vulnerability that inadvertently went unpatched. Who stole the data remains unknown: the company and law enforcement officers have not publicly attributed the crime, and cybersecurity experts have not seen the data surface in the online forums where stolen personal data is often bought and sold.
Most of the roughly $650 million payment would go to compensating consumers for the costs associated with the data breach, according to those familiar with the settlement talks.
Plans for settlements were reported earlier by The Wall Street Journal.
Equifax is facing a lighter financial penalty than some other corporate transgressors like Wells Fargo, which paid $1 billion last year to settle charges from federal regulators for forcing unnecessary products and fees on unwilling customers. Federal laws give regulators like the Federal Trade Commission, which has primary oversight responsibility over data security, limited ability to impose fines, which has become challenging as the number and severity of data breaches grow.
Federal and state agencies, including the Federal Trade Commission, the Consumer Financial Protection Bureau and at least 48 state attorneys general, are expected to announce details of the settlement on Monday. One of the people familiar with the settlement said Equifax would be required to take measures to protect its data.
Under an earlier agreement with eight state regulators, Equifax had already agreed to comply with new rules aimed at making its data more secure, including conducting security audits at least once a year, developing written data protection policies and guides, and more closely monitoring its external technology vendors.
Wyatt Jefferies, a spokesman for Equifax, has declined to comment.
Critics of Equifax questioned whether the settlement would be good enough to properly compensate consumers.
"It's a step, but it's just inadequate," said Ed Mierzwinski, senior director of U.S. PIRG, a consumer advocacy group.
Equifax, based in Atlanta, is one of the three largest credit reporting bureaus alongside Experian and TransUnion. It keeps records of hundreds of millions of people worldwide and delivers about two billion consumer files each year to lenders and other companies seeking information on those taking out mortgages, auto loans, credit cards and other financial products.
The company was widely criticized in the days after it revealed the data breach for its slow and haphazard response, which included accidentally pointing people towards a fake version of its own information website on the breach and struggling to keep up with the volume of messages and phone calls from outraged consumers.
has been bailing out the company, including Richard Smith, who was its chief executive at the time of the breach, for its missteps.
Equifax's current chief executive, Mark Begor, formerly of a private equity firm, who joined the company last year, said in a recent interview with The New York Times that he was working to make the company more secure and more consumer-friendly.
"I want to treat customers the way I wanted to be treated," he said.
Law enforcement and cybersecurity experts have not detected direct fraud against consumers as a result of Equifax's lapse, but the risk will linger.
"It really does not matter that no one has owned it to this," Mr. Mierzwinski said. "The information is out there. Your financial DNA is like gold. It can sit in a thieves' vault for years and still be valuable."