Credit reporting company will provide financial redress and implement preventative data security measures.
7/22/2019 14:00
Going on three years since the Equifax data breach, the company agreed to a settlement with the Federal Trade Commission, Consumer Financial Protection Bureau, 48 states, the District of Columbia, and Puerto Rico.
According to a news release from the FTC, Equifax Inc. agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the CFPB and the U.S. states and territories, “which alleged that the credit reporting company’s failure to take reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people.”
Equifax will also contribute $300 to a fund providing affected consumers with credit monitoring services.
Effects of the data breach affecting millions of consumers continue, including for small businesses in the accounts receivable management industry. It served as a reminder for businesses from five employees to 500 to improve their data security measures, reported on by Collector magazine Managing Editor Anne Rosso May in 2017.
In addition to the monetary relief to consumers, according to the FTC, Equifax is also required to create a comprehensive information security program with several requirements including:
- Designating an employee to oversee the information security program;
- Conducting annual assessments of internal and external security risks and implementing safeguards to address potential risks, such as patch management and security remediation policies, network intrusion mechanisms, and other protections;
- Obtaining annual certifications from the Equifax board of directors or relevant subcommittee attesting that the company has complied with the order, including its information security requirements;
- Testing and monitoring the effectiveness of the security safeguards; and
- Ensuring service providers that access personal information stored by Equifax also implement adequate safeguards to protect such data.
“This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company, “said Equifax CEO Mark W. Begor in a news release. "The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter. We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program. We are focused on the future of Equifax and returning to market leadership and growth."
Related Content from ACA International: