Equifax’s data breach costs £644m
Credit score group Equifax will be liable for £644m ( 800m) as part of a record US settlement following a 2017 hack that exposed the data of 150m people whose information the agency tracks.
The settlement with several federal and state authorities and claimants in a class action lawsuit draws a line under on the largest consumer data breaches of US.
Joseph Simons, chairman of the Federal Trade Commission, said the company had “failed to take steps” that could have prevented the massive data breach”.
He further said: “The settlement requires that the company take steps to improve its data security going forward and will ensure that customers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
The resolution with the FTC consumer Financial protection Bureau 50 state attorneys-general and class-action claimants, requires Equifax to pay $380m into a fund to compensate affected consumers $80m of which will be for attorney’s fees.
Equifax will also pay $290m in CFPB and state penalties including $10m to the New York Department of Financial Services and make $125m for the fund if it is used up.
Mark Begor, Equifax CEO said, he did not expect the company to make additional payments into the fund beyond the original amount. “We expect this will be enough, but we have made more money available because we recognise it may be necessary” he said.
Federal Trade Commission said “Hackers were able to access a staggering amount of data because Equifax failed to implement basic security measures”.