Equifax has agreed to settle its outstanding claims following the 2017 data breach, which resulted in 147 personal data leaked to millions of people. The data leaked included names, birthdates, addresses, and social security numbers.
As part of the settlement, the company will have to pay at least 575 million dollars, but the amount could amount to 700 million dollars, depending on the amount of compensation claimed by the victims.
The company has agreed to provide free transaction monitoring services to all those affected for up to 10 years, and to pay up to $20.000 cash per person in damages.
"Equifax has failed to take the key steps that could have prevented the breach affecting some 147 million consumers," said FTC President Joe Simons.
"This settlement requires the company to take steps to both improve its data security and ensure that consumers can get help protecting themselves from theft identity and scams".
“Negligence, and lax standards security threaten the identity of half the US population," New York Attorney General Letitia James added in a statement to Reuters.
The violation, which was one of the worst in history of the US, was revealed in 2017 in September. Although the security team initially ordered it to correct the vulnerability, that never happened. The former CEO of the company later accused a single employee.
The continued existence of the vulnerability allowed hackers to gain access to Equifax's servers where they were able to obtain administrator credentials stored in plain text. This is how they were able to steal personal information of millions of people during duration of the coming months.
Altogether, 147 names and birthdays of millions of people, 145,5 million social security numbers and 209.000 card numbers and expiration dates have leaked.
The Wall Street Journal reports that many of these people would not even be Equifax customers.
In addition to paying the money to everyone affected by the violation, Equifax also agreed to take more steps to avoid a similar incident.
For example, it agreed to carry out an internal security risk assessment every year and to receive a third-party assessment every two years.
The FTC created a page on her website to give more information to people who want to complain about Equifax
