A recent article from the Wall Street Journal reported that credit reporting company Equifax is closing a deal that will pay around $700 million to settle a data breach probe with the US.
2017 data breach finally nears settlement
WSJ quoted people familiar with the matter that Equifax is about to close the deal to settle the probe with the Consumer Financial Protection Bureau, Federal Trade Commission, and a majority of state attorneys general. The company did not comment.
The breach in question goes back to 2017 when the data of $143 million people worldwide were leaked. The amount to be paid by the company will depend on the number of claims filed by the consumers. However, the settlement could be announced on Monday, which may see the company making changes to how it protects and handles data of its consumers. The fund will be established to compensate the consumers for the harm they have suffered because of the breach.
The big data breach that rocked the US
The breach was revealed in September 2017 and revealed the driver’s license numbers as well as the Social Security numbers of consumers. It is one of the biggest and most severe data exposures in the US, which led to Equifax becoming the center of criticism from numerous lawmakers, law enforcement agencies as well as consumers.
After the event was revealed, the chief executive of the company had to say an abrupt goodbye to the company and led to a huge downfall in their stock. Interestingly, the breach wasn’t a one-time leak. The attackers were able to siphon data out of the Equifax computer systems for months while exploiting a software vulnerability that remained unpatched during the course of the hack.
The payment made by the company is in line with the company’s expectations. It even reported having set aside about $690 million in a recent financial filing. It has already reported spending hundreds of millions of dollars in improving its technology systems to ensure that they do not fall victim to another such instance in the future.
While the company is moving towards a settlement, the identity of the hackers is still unknown. There have been no known attempts to bring the data up on online forums where such information is sold. Both cybersecurity experts and law enforcement officials have failed to define who stole the data and why.
