Latest in Gear

Image credit: AP Photo/Mike Stewart

Equifax settlement for data breach will only cost it $4 per person

There are concerns the penalty is just a drop in the bucket.
776 Shares
Share
Tweet
Share
Save

Sponsored Links

AP Photo/Mike Stewart

The reports of an impending Equifax settlement were true. The company has agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau, attorneys general and New York's Department of Financial Services over its massive 2017 data breach. It will pay between $575 million to $700 million to victims, states and regulators, including a restitution fund that will pay up to $425 million to provide credit monitoring for up to 10 years. About $300 million is guaranteed for the monitoring payout, with $125 million more waiting if that initial amount runs low.

Equifax already has a free lifetime credit lock service and said it had been providing free monitoring since September 2017.

The deals also have Equifax implementing measures to reduce the impact of potential theft. It will make it easier to both freeze and thaw credit as well as dispute inaccuracies in credit reports. The firm will also need "sufficient staff" to help customers who might be victims of identity theft. There will be "regular" third-party assessments to verify that its protections are strong enough to honor the terms of the settlement.

The company has made multiple changes in a bid to improve its security practices. It reorganized its security team with a dedicated Chief Security Officer, ensured encryption of personal info, implemented stricter security verification methods and started conducting regular monitoring and testing, among other changes.

A court will need to approve the arrangement. If cleared, it'll represent the largest data breach settlement in history, according to the New York Attorney General's office.

While that sounds significant, there are concerns that the payout will be trivial compared to the impact on the 143 million affected people. As Fast Company explained, the $575 million minimum amounts to just over $4 per victim -- that wouldn't even begin to cover the damage if a fraudster exploited sensitive data like Social Security and credit card numbers. New Jersey Representative Frank Pallone said the figure "shows the limitations" of the FTC's ability to demand strong punishment and compensation. While Equifax may be more secure than it was in 2017, it's not necessarily accepting the full consequences of its past actions.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
776 Shares
Share
Tweet
Share
Save

Popular on Engadget

Former Apple exec claims the company spied on his text messages

Former Apple exec claims the company spied on his text messages

View
Waze can warn you about unplowed roads during winter

Waze can warn you about unplowed roads during winter

View
Google Fi will warn you about spam calls

Google Fi will warn you about spam calls

View
'Babylon's Fall' trailer reveals a painterly hack-and-slash from PlatinumGames

'Babylon's Fall' trailer reveals a painterly hack-and-slash from PlatinumGames

View
Oculus Link beta is ready to turn your Quest into a PC VR headset

Oculus Link beta is ready to turn your Quest into a PC VR headset

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr