News Insights: Equifax will pay up to $700 million to settle data breach lawsuits

Equifax will pay up to $700 million to settle data breach lawsuits

Consumers may be eligible for up to $20,000 in cash payments, as well as up to 10 years of free credit monitoring



According to Syed Abdur, Director of Products for Brinqa, “This week Equifax reached a $700 million agreement to settle federal and state investigations stemming from its handling of the 2017 data breach. Almost two years from the breach and disclosure, this should serve as a reminder to organizations that cyber risk management is no longer a niche, technical concern. If not addressed appropriately at an organizational level, it can have far-reaching, damaging consequences. In September 2017, the credit rating agency announced that hackers had exploited a web application vulnerability to gain access to personal and confidential information for nearly 150 million people. The compromised data included social security numbers, birth dates, addresses, driver’s license numbers, and credit card information. The unauthorized access began in mid-May and continued through July. The extent and severity of the breach and the lack of an appropriate response from Equifax resulted in serious consequences for the business. The handling of the breach and subsequent disclosure and response drew outrage from the public and likely caused significant damage to the Equifax brand. Several key executives including the CEO “retired” in the weeks and months following the disclosure. The company faced more than 240 class action lawsuits and investigations from state and federal agencies, including the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC). Equifax reported that during the third quarter of 2017, it recorded $87.5 million for expenses related to the breach. While a web application vulnerability was the cause of the breach, the extensive damage to the business was a result of its inability to understand and manage enterprise cyber risk.”