Dive Brief:
- Equifax is set to pay up to $650 million in "the largest data breach settlement in history," according to an announcement from the office of the New York Attorney General Letitia James.
- The credit firm's settlement includes up to $425 million in consumer restitution, $175 million to states and $50 million to the Consumer Financial Protection Bureau (CFPB). About $300 million of the consumer restitution fund is dedicated to compensation with another $125 million "available if initial funds are depleted."
- The settlement fines were determined after probes by the Federal Trade Commission (FTC), the CFPB and a "coalition of 50 Attorneys General." "Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk," James said in the announcement.
Dive Insight:
In 2017, hackers exploited an unpatched flaw in Equifax's web application, gaining access to 148 million U.S. consumer records. A patch for the flaw had been available as early as March 6, 2017, about two months before it was exploited.
In the days leading up to the breach's disclosure in September, Equifax's leadership sold a collective $1.8 million worth of shares. The company has since overhauled its leadership, with its CIO and CISO retiring immediately after the breach was announced.
In testimony on the Hill last year, former CIO Graeme Payne said the credit firm's "aggressive growth strategy" contributed to the "complexity" of its IT systems and, in turn, to an insufficient security posture. Equifax was operating on a mix of custom-built and legacy systems, including one dating from the 1970s.
The rapid expansion of Equifax's business ultimately left the company vulnerable to security flaws. But it was the actions taken by executives that drew further investigation and condemnation.
The FTC launched its investigation almost immediately after the breach was disclosed in September 2017. The agency has since sought greater authority in data privacy protections.
Equifax now faces the largest data breach fine in U.S. history, though Facebook's Cambridge Analytica scandal resulted in a larger overall settlement. Facebook's FTC fine punished intentional conduct, whereas Equifax's penalty addresses negligence. The social network's reported $5 billion penalty is a warning for future data privacy infringements.