Equifax to pay a massive fine of around $650 million following to the 2017 data breach that exposes 145 million customers record. The exposed data includes names, addresses, driver license numbers, and Social Security numbers.
The company is expected to pay around $650 million to settle for Federal, state investigations and customer claims that associated with the data breach.
Equifax data breach happened in September 2017, hackers exploited a known vulnerability to harvest the customer’s data from Equifax servers.
According to the NYTimes report, “Equifax said it had set aside $690 million to cover the anticipated legal costs of the hacking. It has also spent hundreds of millions of dollars on improving its technology systems and on free credit report monitoring services.”
Equifax Fine
The ICO investigation found that Equifax data leak exposed UK customers, UK’s Information Commissioner’s Office said that “the UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information.”
The investigation was carried out according to the Data Protection Act 1998 and not with current GDPR act, because the new applied in the UK from 25 May 2018. ICO found that Equifax’s security measures in place were inadequate and ineffective.
“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its policies and controls as well as the law,” said Elizabeth Denham, Information Commissioner
ICO investigation also found that Equifax Inc was warned by DHS earlier in March 2017 to address the vulnerability, but the vulnerability was not properly patched.
“Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it. Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations,” Ms. Denham added.
Earlier this month Marriott International and British Airways are fined under GDPR act for failure in protecting the customer data.
