Equifax has agreed to settle its claims following the 2017 data breach that leaked the personal information of 147 million people. The data that they leaked they included names, dates of birth, addresses and social security numbers.
As part of the settlement, the company will have to pay at least 575 million dollars, but the amount could amount to 700 million dollars, depending on the amount of compensation claimed by the victims.
The company has agreed to provide free transaction monitoring services to all those affected for up to 10 years, as well as to pay cash up to $20.000 per person in compensation.
"Equifax has failed to take the key steps that could have prevented the breach affecting some 147 million consumers," said FTC President Joe Simons.
"This settlement requires the company to take steps to both improve the security of its data and ensure that consumers can get help protecting it from theft." identity and scams ".
"Negligence and lax safety standards threaten the identities of half the US population," New York Attorney General Letitia James told Reuters.
The violation, which was one of the worst in history of the US, was revealed in 2017 in September. Although the security team initially ordered it to correct the vulnerability, that never happened. The former CEO of the company later accused a single employee.
The continued existence of the vulnerability allowed hackers to access Equifax servers from where they could obtain the administrator credentials stored in plain text. So they were able to steal personal information of millions of people over the next few months.
Altogether, 147 names and birthdays of millions of people, 145,5 million social security numbers and 209.000 card numbers and expiration dates have leaked.
The Wall Street Journal reports that many of these people would not even be Equifax customers.
In addition to paying the money to everyone affected by the violation, Equifax also agreed to take more steps to avoid a similar incident.
For example, it agreed to carry out an internal security risk assessment every year and to receive a third-party assessment every two years.
The FTC created a page on her website to give more information to people who want to complain about Equifax
