Some of you will recall that credit agency Equifax suffered a major data breach in 2017. The incident went through a long investigation while federal authorities worked to figure out if the company would be required to pay a fine. The Federal Trade Commission has ruled that it does need to pay a fine and Equifax will now be required to pay up to $700 million as part of a settlement with federal authorities.
The FTC said today that Equifax has agreed to initially pay at least $575 million in fines as part of this settlement with the federal government and states because of its “failure to take reasonable steps to secure its network” which resulted in the massive breach.
The data breach had allowed hackers to steal credit files on 147 million Americans in addition to many British and Canadian nationals as well. The compromised information included Social Security numbers, payment card records, and dates of birth.
Equifax was strongly rebuked for its failure to roll out publicly released patches on its network before the data breach took place. A House Oversight Committee had found that the data breach was “entirely preventable.” This is now the largest fine ever issued by the FTC. Equifax will also be required to improve its data security going forward as part of this settlement and will be required to undertake third-party assessments every two years.