The day of reckoning has come for Equifax for a massive data breach two years ago, but for consumers hoping for more than a slap on a wrist, prepare yourself for disappointed. Equifax's penalty for failing to secure private information belonging to around 147 million Americans is a fine totaling at least $575 million, and potentially up to $700 million, the Federal Trade Commission announced today.
Sure, that is a staggering amount of money when viewed in a vacuum. However, to put that into perspective, it was recently reported that the FTC hammered Facebook with a $5 billion fine as a part of a settlement over numerous privacy mishaps. Many also view that as a slap on the wrist, considering that Facebook made a $22 billion profit last year.
Equifax is a smaller outfit (in terms of revenue), but still generates billions of dollars each year. A $575 million penalty, or even a $700 million one, feels rather soft considering the magnitude of the data breach. Nevertheless, the FTC views this as an appropriate settlement, and hopefully it gives the credit agency a kick in the pants to do better.
"Companies that profit from personal information have an extra responsibility to protect and secure that data," said FTC Chairman Joe Simons. "Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud."
The settlement includes $300 million to be paid out to a fund to provide affected Americans with credit monitoring services, along with compensation for consumers who purchased credit or identity monitoring services on their own. If that amount is not enough, Equifax has agreed to add up to $125 million more to the fund.
Equifax has also agreed to pay $175 million to 48 states, the District of Columbia, and Puerto Rico, and $100 million to the Consumer Financial Protection Bureau (CFPB0). In addition, it will provide all US consumers with six free credit reports each year for seven years, in addition to the free annual credit report that it already provides.
This whole thing was an epic failure on Equifax's part. Hackers took advantage of a known security flaw to conduct the largest data breach in US history. While they did not obtain credit reports, they were able to access (and subsequently attempt to sell) a treasure trove of private data, including names, Social Security numbers, driver's license numbers, and addresses.
Once the settlement becomes official with a court order, you can access this special website to see if you are affected, and to see how you can file a claim for any eligible benefits.