Click to Skip Ad
Closing in...

Equifax agrees to a settlement of up to $700 million for massive data breach

Published Jul 22nd, 2019 7:39PM EDT
FTC vs. Equifax
Image: AP/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Equifax a couple of years ago had to disclose a massive hack that affected some 147 million people. Hackers were able to extract from Equifax’s servers plenty of personal data, including names and birth dates, addresses, social security numbers, and some 209,000 payment card numbers and expiration dates. Since then, the FTC sued the company, and Equifax has now agreed to a settlement amounting to as much as $700 million.

The money will be used to provide free credit monitoring services to those people affected by the hack, as well as cash payments to those customers who hackers stole money from. In addition to that, Equifax will also have to take steps to ensure the security of the user data it hoards in order ot prevent similar attacks.

The FTC went after Equifax for the way the company handled the data breach. The hack was first detected in March 2017, when Equifax’s security team ordered that a patch must be applied to vulnerable systems. Equifax did not follow through, and the data breach went unfixed for months. In July 2017, the security team detected suspicious network activity, and the investigation that followed unearthed the most significant data breach in US history.

Equifax will pay $300 million to a fund that will provide credit monitoring services, the FTC explained in a press release. The company will also compensate consumers who bought credit or identity monitoring services from Equifax and incurred other costs related to the hacks. A further $125 million will be added to the fund if the initial sum is not enough.

Starting in January 2020, the company will have to provide US consumers with six free credit reports each year for seven years on top of the free annual credit report. Equifax will also pay $175 million to 48 states, DC, and Puerto Rico, as well as $100 million to the CFPB in civil penalties.

Going forward, Equifax will have to implement a series of measures designed to prevent future breaches, as well as allow regular independent security checks. Affected customers can check the FTC’s full announcement at this link, where they’ll find additional information to help them go forward with any claims they might have.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.