Latest in Gear

Image credit: AP Photo/Mike Stewart

Equifax settlement for data breach will only cost it $4 per person

There are concerns the penalty is just a drop in the bucket.
775 Shares
Share
Tweet
Share
Save

Sponsored Links

AP Photo/Mike Stewart

The reports of an impending Equifax settlement were true. The company has agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau, attorneys general and New York's Department of Financial Services over its massive 2017 data breach. It will pay between $575 million to $700 million to victims, states and regulators, including a restitution fund that will pay up to $425 million to provide credit monitoring for up to 10 years. About $300 million is guaranteed for the monitoring payout, with $125 million more waiting if that initial amount runs low.

Equifax already has a free lifetime credit lock service and said it had been providing free monitoring since September 2017.

The deals also have Equifax implementing measures to reduce the impact of potential theft. It will make it easier to both freeze and thaw credit as well as dispute inaccuracies in credit reports. The firm will also need "sufficient staff" to help customers who might be victims of identity theft. There will be "regular" third-party assessments to verify that its protections are strong enough to honor the terms of the settlement.

The company has made multiple changes in a bid to improve its security practices. It reorganized its security team with a dedicated Chief Security Officer, ensured encryption of personal info, implemented stricter security verification methods and started conducting regular monitoring and testing, among other changes.

A court will need to approve the arrangement. If cleared, it'll represent the largest data breach settlement in history, according to the New York Attorney General's office.

While that sounds significant, there are concerns that the payout will be trivial compared to the impact on the 143 million affected people. As Fast Company explained, the $575 million minimum amounts to just over $4 per victim -- that wouldn't even begin to cover the damage if a fraudster exploited sensitive data like Social Security and credit card numbers. New Jersey Representative Frank Pallone said the figure "shows the limitations" of the FTC's ability to demand strong punishment and compensation. While Equifax may be more secure than it was in 2017, it's not necessarily accepting the full consequences of its past actions.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
775 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best consoles, games and accessories for students

The best consoles, games and accessories for students

View
Sony and Yamaha are making a self-driving cart for theme parks

Sony and Yamaha are making a self-driving cart for theme parks

View
Trump tries to overturn ruling stopping him from blocking Twitter users

Trump tries to overturn ruling stopping him from blocking Twitter users

View
Divorce dispute leads to accusation of crime in space

Divorce dispute leads to accusation of crime in space

View
Scientists bioprint living tissue in a matter of seconds

Scientists bioprint living tissue in a matter of seconds

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr