Face of Nation : Credit-reporting company Equifax Inc (EFX.N) will pay up to $700 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information that affected around 147 million consumers, authorities said on Monday.
The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all state attorneys general. It also resolves pending class-action lawsuits against the company. Equifax shares were up 1.2 percent at $138.88 in morning trading.
“This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York state Attorney General Letitia James said in a statement. Under the settlement, the company will pay a $175 million fine to the states and $100 million to the CFPB.
The company will also establish a $300 million restitution fund for harmed consumers which could climb to $425 million depending on how many customers use it. While roughly half of all Americans saw their information compromised, the restitution fund is only available to consumers who can show they suffered direct costs from the breach, either as victims of fraud or by setting up credit-monitoring services. Affected consumers will also be eligible for 10 years of free credit monitoring from Equifax, and the company agreed to make it easier for consumers to freeze their credit or dispute inaccurate information in credit reports.
Regulators on Monday said Equifax broke laws protecting consumers from unfair and deceptive practices by failing to provide reasonable security for the massive quantities of sensitive personal information it stored, and by deceiving consumers about the strength of its data security program
Equifax, one of three major credit-reporting companies, disclosed in 2017 that a data breach had compromised the personal information, including Social Security numbers, of 143 million Americans. Including Canadian customers, around 147 million consumers were affected in total.
The hackers behind the breach have never been identified by authorities. The scandal sent the company into turmoil, leading to the exit of its then-chief executive, Richard Smith, as slowness to disclose the breach and security practices were challenged by lawmakers and policymakers.
They questioned how private companies could amass so much personal data, setting off efforts to bolster consumers’ ability to protect and control their information. The Senate Banking Committee is currently working on legislation that would require companies to better protect consumer data.