Data Security

Biggest credit reporting firm pays $700M USD data breach fine

Data protection specialists say that, after two years, business advisory firm Equifax has reached an agreement with U.S. government agencies to pay around $700M USD over the massive data breach that occurred at the company in 2017.

The agreement involves bodies such as the Federal Trade Commission (FTC), the Consumer Protection Bureau, and several state attorneys general. As reported, the FTC will release details about the agreement in the coming days; the amount that Equifax will have to pay has not yet been fully defined, as the company can still refuse the final amount of the fine. It is also unknown how many victims of the data breach will receive compensation; what is known so far is that part of the agreement is to create a fund to compensate those affected by the incident.

According to data protection specialists, a couple of years ago the company confirmed that a group of unidentified threat actors had managed to compromise its security and access its systems. During the incident, the hacking group stole confidential information belonging to around 140 million Equifax customers, mainly companies based in countries such as the United States, Canada and the United Kingdom. “I apologize to users and our business customers for the concern and frustration this incident is causing them,” said Richard F. Smith, president of the company.

Subsequent investigations revealed that the data breach was caused by an unpatched vulnerability in outdated software used by company employees; the then CEO of the company was fired for trying to cover up the incident. In addition to the million-dollar compensation for damages, Equifax undertook to update its computer security policies to prevent similar incidents in the future.

According to data protection specialists from the International Institute of Cyber Security (IICS), the theft of more than 200k payment card numbers stands out among the records compromised during this incident, along with almost 190k documents containing personal identification information, which could have been used by malicious hackers to perform illegal activities such as card fraud or identity theft.
