Equifax Agrees to Settle After 2017 Data Breach That Leaked Personal data 147 million people. The leaked data included names, dates of birth, addresses and social security numbers.
As part of the settlement, the company will have to pay at least 575 million dollars, but the amount could amount to 700 million dollars, depending on the amount of compensation claimed by the victims.
The company has agreed to provide free transaction tracking services to anyone who has suffered up to 10 years, and to pay up to $ 20.000 dollars per person for compensation.
"Equifax has failed to take the key steps that could have prevented the breach affecting some 147 million consumers," said FTC President Joe Simons.
"This arrangement requires the company to take steps to improve the security of its data but also to ensure that consumers can receive help to protect themselves from identity theft and fraud."
“Negligence, and lax standards security threaten the identity of half the US population," New York Attorney General Letitia James added in a statement to Reuters.
The violation, which was one of the worst in history of the US, was revealed in 2017 in September. Although the security team initially ordered it to correct the vulnerability, that never happened. The former CEO of the company later accused a single employee.
The continued existence of vulnerability allowed them hackers have access to Equifax servers from where they were able to obtain administrator credentials that were stored in plain text. So they were able to steal the personal information of millions of people over the next few months.
Altogether, 147 names and birthdays of millions of people, 145,5 million social security numbers and 209.000 card numbers and expiration dates have leaked.
Wall Street journal reports that many of these people wouldn't even be Equifax customers.
In addition to paying the money to everyone affected by the violation, Equifax also agreed to take more steps to avoid a similar incident.
For example, it agreed to carry out an internal security risk assessment every year and to receive a third-party assessment every two years.
The FTC created a page on her website to give more information to people who want to complain about Equifax
