Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Equifax to pay up to $700 million in U.S. data breach settlement

Published 07/22/2019, 05:00 PM
© Reuters. FILE PHOTO: Credit cards, a chain and an open padlock is seen in front of displayed Equifax logo in this illustration
EFX
-

By Pete Schroeder

WASHINGTON (Reuters) - Credit-reporting company Equifax Inc (N:EFX) will pay up to $700 million to settle claims it broke the law during a massive 2017 data breach and to repay harmed consumers, in a landmark settlement that was nonetheless criticized by consumer advocates and some lawmakers who called for stricter regulation.

While it was the largest-ever settlement for a data breach, they said the amount was still too small for the millions of Americans affected, and worried it could prove difficult for consumers to be repaid. The agreement also spurred multiple lawmakers to renew calls for legislation giving consumers more control over their personal information.

"This settlement is just a drop in the bucket of what Equifax’s disregard for privacy could cost American families," Democratic U.S. Senator Sherrod Brown said in a statement.

The settlement concludes multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Bureau and nearly all state attorneys general. It also resolves pending class-action lawsuits against the company.

Shares in Equifax, which is one of three major credit reporting companies, closed up 0.4 percent at $137.84 a share in trading on the New York Stock Exchange on Monday.

Roughly 147 million people had information, including Social Security numbers and driver's license data, compromised by the breach. The hackers have never been identified.

While Equifax said on Monday it saw no evidence the stolen information had been used in identity thefts, regulators said the company failed to protect the data and misled consumers as to how secure it was. They ordered Equifax to set aside funds to repay consumers who spent time or money protecting themselves after the breach.

The company will establish a $300 million restitution fund which could climb to $425 million depending on how many people file claims. Only consumers who can show they suffered direct costs following the breach, either from identity theft or by purchasing credit-monitoring services, will be eligible for restitution, capped at $20,000 per person.

Equifax Chief Executive Mark Begor told reporters Monday he expected that the initial amount, which will also cover the costs of a decade of free credit monitoring for affected consumers, would be sufficient. In an interview on Monday afternoon with CNBC, Begor said the fund could be operational by year's end.

In addition, the company will pay a $175 million fine to the states and $100 million to the CFPB.

Consumer advocates said the settlement was modest given the huge number of people affected.

"It's a parking ticket, not a penalty," Ed Mierzwinski of the Washington-based U.S. Public Interest Research Group said in an email. He added that consumers should not have to jump through hoops to receive compensation.

Others questioned whether the fund would be sufficient given the long-term risks of having a Social Security number exposed.

"The settlement provides some compensation right now, but the risk of identity theft is forever," said Chi Chi Wu, attorney for the National Consumer Law Center.

Speaking to reporters, Federal Trade Commission Chairman Joe Simons said the agency also wanted to impose a monetary penalty, but the law does not allow it to fine companies for their first offense, an issue he has called on Congress to fix.

A spokeswoman for the Massachusetts attorney general, who along with Indiana, is not participating in the settlement, said its litigation against the company was ongoing. "Equifax must pay a penalty commensurate with the worst data breach in American history," she added.

POTENTIAL LEGISLATION

Equifax disclosed in 2017 that a data breach had compromised the personal information, including Social Security numbers, of 147 million people.

The scandal sent the company into turmoil, leading to the exit of its then-CEO, Richard Smith, and multiple congressional hearings as the company's slowness to disclose the breach and security practices were challenged by lawmakers.

Policymakers and consumer groups have questioned how private companies could amass so much personal data, sparking efforts to bolster consumers' ability to control their information. Both the Senate Banking and House of Representatives Financial Services Committees are considering legislation that would require companies to better protect consumer data.

"We need structural reforms and increased oversight of credit reporting agencies in order to make sure that this never happens again," Democratic Senator Mark Warner said in a statement.

Begor told reporters on Monday the company was overhauling its processes to put consumers first, and was committing $1.25 billion to bolster its data security.

© Reuters. FILE PHOTO: Credit cards, a chain and an open padlock is seen in front of displayed Equifax logo in this illustration

Equifax has also agreed as part of the settlement to several new measures, including reviews of its security policies by a government-appointed third party. Equifax's board also must certify annually that the company has complied with the settlement terms, and could be fined if not.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.