Skip to main content

Equifax agrees to pay $700 million settlement for its 2017 data breach

Equifax has agreed to pay up to $700 million as part of a settlement agreement reached in regard to its 2017 data breach.

According to Reuters, the consumer credit reporting agency’s settlement is the “largest-ever settlement for a data breach” and effectively ends the investigations into the company by the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and “nearly all state attorneys general.”

The breakdown of the $700 million settlement is as follows: A total of $175 million in fines is to be paid to the states. The CFPB is expected to be paid $100 million. Finally, Equifax is expected to establish a “restitution fund” to help customers affected by the data breach. Reuters also reports that this fund will start at $300 million but can reach up to $425 million if needed. Furthermore, Equifax also agreed to strengthen its security and undergo regular policy reviews by a third party.

The Federal Trade Commission recently published a statement addressing the Equifax data breach settlement. The statement, titled “Summary of Benefits,” mostly addressed how the settlement directly affects consumers. According to the statement, settlement benefits can only be received by consumers who file a claim once the claims process has begun. (As of now, the claim process has not yet begun, and consumers cannot currently file a claim.)

Furthermore, the FTC’s Summary of Benefits outlines the kinds of benefits consumers can claim if they were affected by the 2017 Equifax data breach. However, it appears that there is one benefit that all U.S. consumers are eligible to receive from Equifax beginning in 2020:  “Six additional free credit reports per year for seven years from the Equifax website.” The other benefits are for those directly affected by the breach and include free identity theft protection services and credit monitoring, cash payments (up to $20,000 per person), and free identity restoration services.

The 2017 data breach was announced by Equifax in September of that year. It was a colossal breach that, according to the FTC, divulged the personal information of 147 million people. Equifax also published its own statement about the $700 million settlement. In the press release, Equifax describes the stipulations of its settlement agreement and includes the following statement from Equifax CEO Mark W. Begor:

“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our … investments in technology and security as a leading data, analytics, and technology company … The consumer fund of up to $425 million … reinforces our commitment to putting consumers first and safeguarding their data — and reflects the seriousness with which we take this matter. We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program.”

Editors' Recommendations

Anita George
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Data breach of unknown entity exposes private data of 80 million U.S. households
Stock photo of lock and data

Security researchers have recently discovered and reported an unprotected database that exposed the personal information of 80 million U.S. households to potential data security threats like identity theft.

According to PCWorld, a team of security researchers from a site known as vpnMentor discovered that the database contained unencrypted data that exposed information such as full street addresses, full names, ages, and dates of birth. Most unsettling was the fact that the data also included “exact longitude and latitude” locations for individuals. The researchers also reportedly found “coded references” to other pieces of personal information such as details on income, gender, marital status, and homeowner status. Interestingly though, the data only seems to expose the information of people ages 40 and older.

Read more
Houzz suffers a data breach, asks users to reset password
houzz app augmented reality view in my room 3d

Home improvement startup Houzz suffered informed its users on Thursday, January 31, that it suffered a data breach. The company has not provided details about the occurrence but contacted its users to encourage them to change their passwords as a precautionary measure to prevent accounts from being compromised.

Houzz informed its users of the breach via email, and additional details are available on the company's website. According to the company, a file containing user data was obtained by an "unauthorized third party." Houzz did not go into detail as to how the company was breached. It said that it is currently investigating the situation, with its internal team and a "leading forensics firm" looking into the specifics.

Read more
Data breach compromises 773 million records, 21 million passwords
bangladeshi bank heist foiled by spelling mistake internet hacking dark net

A given aspect of digital life is learning how to deal with situations in which you data becomes compromised; this is a fact that many individuals will have to deal with after the discovery of a data breach containing more than 773 million records. Discovered by security research and owner of Have I Been Pwned, Troy Hunt, the assemblage of documents is known as Collection No. 1 after it was found publically available online.

According to Hunt, the existence of Collection No. 1 was brought to his attention after multiple individuals reached out alerting him to its presence on the cloud storage site, Mega. When available, the massive gathering of data was spread across 12,000 separate folders and left a footprint of 87GB. Even after Mega had removed the data from its servers, another one of Hunt's contacts was able to point him to a popular hacking forum where the data was being distributed.

Read more