Equifax has recently agreed to a settlement over its 2017 data breach that caused about 147 million people’s personal information, including names, birth dates, addresses, and social security numbers, exposed by the company. As part of the settlement, the company will pay at least $575 million, but this could rise to as much as $700 million depending on the amount of compensation people claim.
The company has agreed to provide free credit monitoring services to anyone affected for up to 10 years, as well as cash payments of up to $20,000 per person to refund any costs incurred as a result of the breach.
FTC Chairman Joe Simons said: “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
“This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” New York Attorney General Letitia James said in a statement to Reuters.
As well as paying money out to anyone affected by the breach, Equifax has also agreed to a number of internal measures to prevent such a breach from happening again. For example, it has agreed to conduct an annual internal assessment of security risks, and to obtain a third-party assessment every two years.
The FTC has even set up a dedicated email for Equifax whistle-blowers to use if they don’t think the company is adhering to its data security obligations.