Atlanta-based consumer credit reporting agency Equifax has agreed to pay US$380.5 million to settle a class-action lawsuit, brought forward by the U.S. Federal Trade Commission (FTC), relating to a 2017 data breach that leaked a massive amount of information belonging to more than 147 million people in the U.S. alone.
As per the settlement, Equifax will pay US$380.5 million as a penalty, from which class action members can withdraw up to US$20,000 as compensation. Additionally, the company may also be required to spend US$125 million for out-of-pocket claims. Class action members will also receive 10 years of free credit monitoring services from Equifax.
The Northern District Court of Georgia granted the settlement after consulting with the U.S. FTC, State Attorneys, and members of the class-action suit.
Overview of the Data Breach
In September 2017, Equifax disclosed that its databases were hacked between May and June 2017, and that attackers gained access to the company’s data, compromising sensitive information of 147 million American consumers, including Social Security numbers, credit card numbers, and driver’s license numbers.
Equifax discovered the breach on July 29, 2017, but waited until after the close of trading nearly six weeks later to disclose the breach to its consumers and investors, after hackers exfiltrated data for 76 days.
Earlier, in September 2018, Equifax was fined £500,000 (US$660,000) by the Information Commissioner’s Office (ICO) for failing to protect the personal and financial data of customers. The ICO, which carried out the investigation, stated that Equifax had been warned about vulnerabilities in its systems by the U.S. Department of Homeland Security in March 2017. However, Equifax failed to take proper steps to fix the vulnerabilities.