Equifax to Pay $575m in Data Breach Settlement
In a settlement between Equifax and the United States, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB), Equifax will pay $575 million for damages related to the 2017 data breach, according to today’s press release.
The allegations against Equifax claimed that the company’s failure to take “reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people,” the release stated.
“In its complaint, the FTC alleges that Equifax failed to secure the massive amount of personal information stored on its network, leading to a breach that exposed millions of names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”
The settlement could potentially cost a total of $700 million given that the agreement mandates that Equifax implement a comprehensive information security program.
“I’m far from an Equifax apologist, but the truth is it could have been anyone. It’s not an excuse but rather the reality we live in. The best outcome isn’t Equifax making the situation right – although that is important for all of those affected – it’s everyone else learning that the price to be paid outweighs the inconvenience of ensuring proper measures are taken to secure the data that puts them at risk in the first place,” said Adam Laub, CMO, STEALTHbits Technologies.
“And it’s got to be from the ground up too. There’s no silver bullet. There’s no one thing that mitigates the exposure. A multilayered, multifaceted approach is critical to making the juice not worth the squeeze for bad actors looking to score quickly and easily.”
One of the largest data breaches on record, the Equifax breach exposed the personal data of millions of people, much of which is likely still being used in account takeover (ATO) attacks. That is one reason Colin Bastable, CEO, Lucy Security, said, “We need a consumer compensation fund, into which all of these fines are paid, for disbursement to long-abused US consumers. And maybe we could rein in the credit reporting industry – if they did not collect and sell our personal financial data, we would not be in this mess.”
Source: Information Security Magazine