Equifax to pay up to US$700M in data breach settlement

Equifax will pay up to US$700 million to settle with U.S. federal and state governments over a 2017 data breach that exposed the private information of nearly 150 million people, including thousands in Canada.

This article was published 22/07/2019.

The settlement with the U.S. Consumer Financial Protection Bureau and the Federal Trade Commission, as well as 48 states and the District of Columbia and Puerto Rico, would provide up to US$425 million in monetary relief to consumers, a US$100 million civil money penalty, and other relief.

The breach was one of the largest ever to threaten private information. The consumer reporting agency, based in Atlanta, did not detect the attack for more than six weeks. The compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports.

“The consumer fund of up to US$425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter,” said Equifax CEO Mark Begor.

Canada’s Office of the Privacy Commissioner concluded in April that the company fell short of its privacy obligations to Canadians, including poor security safeguards and holding information too long, but it did not level fines.

The privacy commissioner, which found that about 19,000 Canadians were affected by the breach, said the company entered into a compliance agreement and had taken steps to improve its security and accountability.

Equifax Inc. detected the attack on July 29, 2017 and contained it the following day. However, Equifax Canada wasn’t notified of the breach until just before the U.S. parent company publicly disclosed it on Sept. 7, 2017.

The breach occurred after hackers gained access to Equifax Inc.’s systems through a vulnerability the company had known about for more than two months, but had not fixed.

While Equifax Canada offered free credit monitoring to breach victims for at least four years, other protections didn’t match what was offered by the parent company, including credit freezes that restrict access to credit files.

The privacy commissioner also found that the transfer of information about Canadians to the U.S. without their knowledge was inconsistent with its obligations to obtain consent before disclosing personal information to third parties located in another country.

Equifax shares, which plunged 30 per cent in the days following the disclosure of the breach, have returned to levels where they traded before the incident.

Affected U.S. consumers may be eligible to receive money by filing one or more claims for conditions including money spent purchasing credit monitoring or identity theft protection after the breach and the cost of freezing or unfreezing credit reports at any consumer reporting agency.

All impacted consumers in the U.S. would be eligible to receive at least 10 years of free credit-monitoring, at least seven years of free identity-restoration services, and, starting on Dec. 31 and extending seven years, all U.S. consumers may request up to six free copies of their Equifax credit report during any 12-month period.

If consumers choose not to enrol in the free credit monitoring product available through the settlement, they may seek up to $125 as a reimbursement for the cost of a credit-monitoring product of their choice. Consumers must submit a claim in order to receive free credit monitoring or cash reimbursements.

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

The company said earlier this year that it had set aside around US$700 million to cover anticipated settlements and fines.

The settlement must still be approved by the federal district court in the Northern District of Georgia.

—With files
