This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2019/07/19/business/equifax-data-breach-settlement.html
The article has changed 5 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Equifax Is Said to Be Near $650 Million Settlement for Data Breach | Equifax Is Said to Be Near $650 Million Settlement for Data Breach |
| (32 minutes later) | |
| The credit bureau Equifax is expected to pay around $650 million to settle federal and state investigations and consumer claims relating to a data breach that exposed sensitive information belonging to 145 million people, according to two people familiar with the settlement discussions. | The credit bureau Equifax is expected to pay around $650 million to settle federal and state investigations and consumer claims relating to a data breach that exposed sensitive information belonging to 145 million people, according to two people familiar with the settlement discussions. |
| The breach, which Equifax revealed in September 2017, included Social Security and driver’s license numbers and was one of the most severe exposures of Americans’ personal data. It drew widespread condemnation from lawmakers, law enforcement agencies and consumers. It also prompted the abrupt departure of Equifax’s chief executive and sent the company’s stock price tumbling, though it has since made back most of its losses. | The breach, which Equifax revealed in September 2017, included Social Security and driver’s license numbers and was one of the most severe exposures of Americans’ personal data. It drew widespread condemnation from lawmakers, law enforcement agencies and consumers. It also prompted the abrupt departure of Equifax’s chief executive and sent the company’s stock price tumbling, though it has since made back most of its losses. |
| A $650 million payment would be in line with what the company expected. In a recent financial filing, Equifax said it had set aside $690 million to cover the anticipated legal costs of the hacking. It has also spent hundreds of millions of dollars on improving its technology systems and on free credit report monitoring services for those affected by the breach. | |
| Attackers siphoned data out of Equifax’s computer systems over the course of months, through a known software vulnerability that inadvertently went unpatched. Who stole the data remains unknown — the company and law enforcement officials have not publicly attributed the crime, and cybersecurity experts have not seen the data surface in the kinds of online forums where stolen personal data is often bought and sold. | Attackers siphoned data out of Equifax’s computer systems over the course of months, through a known software vulnerability that inadvertently went unpatched. Who stole the data remains unknown — the company and law enforcement officials have not publicly attributed the crime, and cybersecurity experts have not seen the data surface in the kinds of online forums where stolen personal data is often bought and sold. |
| Most of the roughly $650 million payment would go toward compensating consumers for costs associated with the data breach, according to those familiar with the settlement discussions. | Most of the roughly $650 million payment would go toward compensating consumers for costs associated with the data breach, according to those familiar with the settlement discussions. |
| Federal and state agencies — including the Federal Trade Commission, the Consumer Financial Protection Bureau and at least 48 state attorneys general — are expected to announce details of the settlement on Monday. One of the people familiar with the settlement said Equifax would be required to take measures aimed at protecting its data. Under a previous consent order with eight state regulators, Equifax already agreed to comply with new rules aimed at making its data more secure. | Federal and state agencies — including the Federal Trade Commission, the Consumer Financial Protection Bureau and at least 48 state attorneys general — are expected to announce details of the settlement on Monday. One of the people familiar with the settlement said Equifax would be required to take measures aimed at protecting its data. Under a previous consent order with eight state regulators, Equifax already agreed to comply with new rules aimed at making its data more secure. |
| Wyatt Jefferies, a spokesman for Equifax, declined to comment. | |
| Plans for the settlement were reported earlier by The Wall Street Journal. | Plans for the settlement were reported earlier by The Wall Street Journal. |
| Equifax, based in Atlanta, is one of the three biggest credit reporting bureaus, alongside Experian and TransUnion. It holds records on hundreds of millions of people worldwide and delivers about two billion consumer files each year to lenders and other companies seeking information on those taking out mortgages, auto loans, credit cards and other financial products. | |
| The company was widely criticized in the days after it revealed its data breach for its slow and haphazard response, which included accidentally pointing people toward a fake version of its own information website on the breach and struggling to keep up with the volume of messages and phone calls from outraged consumers. In a series of fiery hearings on Capitol Hill, lawmakers blasted the company for its missteps. | |
| Equifax is facing a lighter financial penalty than some other corporate transgressors, like Wells Fargo, which paid $1 billion last year to settle charges from federal regulators for forcing unnecessary products and fees on unwilling customers. Federal laws give regulators like the F.T.C., which has primary supervision responsibility over data security, limited ability to impose fines, which has become challenging as the number and severity of data breaches grow. | Equifax is facing a lighter financial penalty than some other corporate transgressors, like Wells Fargo, which paid $1 billion last year to settle charges from federal regulators for forcing unnecessary products and fees on unwilling customers. Federal laws give regulators like the F.T.C., which has primary supervision responsibility over data security, limited ability to impose fines, which has become challenging as the number and severity of data breaches grow. |