Equifax has finally reached a settlement over the 2017 data breach that affected over 147 million people. Their personal information was exposed, including birthdates, addresses and Social Security numbers. Depending on the amount of compensation people claim, the company will pay out as much as $700 million. It has also agreed to provide free credit monitoring services to anyone affected for up to ten years, as well as cash to refund any costs incurred.
This breach is being called one of the worst in US history and, to top it off, the company was made aware of the vulnerability back in March of that year. The security team did what they were supposed to do by initially ordering the vulnerability to be patched, but they never followed up to make sure it actually happened. The unpatched vulnerability allowed hackers to access Equifax’s servers, where they discovered the admins’ credentials stored in plain text. From there, the hackers had continuous access for months to steal the personal information of millions of people.
The Wall Street Journal noted that most of the 147 million people affected were not even customers of Equifax, since the company makes a lot of its money from selling credit reports and other products to lenders to evaluate their potential customers. Equifax has agreed not only to pay out the cash but also to conduct an annual internal assessment of security risks and to obtain a third-party assessment every two years. The FTC even set up a dedicated email for whistleblowers to use if they don’t think the company is following its data security obligations. Just head over to the FTC site, where it is providing information for people who want to make a claim against Equifax.