After exposing the personal information of almost 150m consumers back in 2017, the credit reporting agency Equifax has reached a deal with US state and federal regulators in which it will pay $700m to settle probes into its data breach.
To date this is the largest settlement ever paid for a data breach and the company will pay to close multiple probes by the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB) and the state attorneys of 48 states.
- Equifax data breach: how to find out if you're affected
“Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk," New York Attorney General Letitia James explained in a statement.
- 90 percent of data breaches are caused by human error
- The true cost of a data breach
- A third of businesses can't protect themselves from data breaches
"This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population. Now it’s time for the company to do what’s right and not only pay restitution to the millions of victims of their data breach, but also provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future.”
Under the settlement, Equifax will pay a $175m fine to the states and $100m to the CFPB. The company will also be required to establish a $300m restitution fund for consumers affected by the data breach which could end up being as high as $425m depending on how many people actually use it.
The 2017 data breach saw the information of almost half of US consumers compromised but the restitution fund will only be available to those who can prove they suffered direct costs as a result of the breach. This could be either as victims of fraud or from having to set up credit-monitoring services.
Consumers affected by the breach will be eligible for 10 years of free credit monitoring from Equifax and the company has also agreed to make it easier for consumers to freeze their credit or to dispute inaccurate information found in their credit reports.
Going forward, Equifax will strengthen its own security practices and its policies will be assessed regularly by a third party.
- We've also highlighted the best anti-malware software
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.