Equifax, a credit reporting agency has to pay $700 million to state and federal regulators to provide a settlement for a data breach of exposing 150 million people. This is going to be the professional world’s most heavy price paid for a data breach in history.
According to a report by CNN business, The Federal Trade Commission on Monday announced that Equifax had to pay about $300 million at the base to $425 million as compensation to affected people with the credit monitoring service. The funds may go up to any high unit of score depending upon the claim filed by the customers regarding the demand for reimbursement for purchased credit or identity monitoring services because of the 2017 incident of a data breach.
48 states will receive $275 million as civil penalties and other compensation from Equifax. Puerto Rico, Washington, and the Consumer Financial Protection Bureau will also claim their compensation likewise.
There will be the implementation of changes in the system and the way Equifax controls the privacy of user data the company will bring adjustments to the information security protocols including annual assessment of security risks and will have to derive a boards certification that will ensure that the company has compiled to the FTC’s orders.
The data breach exposed several sensitive information, names, social security numbers, passwords, license number, and addresses of users without their notice. The company made profits from personal information but the information carries a sense of responsibility that the company was unable to perceive at the right time.
Hackers leveraged a security flaw in a tool designed to build web applications to steal customer data. Equifax admitted it was aware of the security flaw a full two months before the company says hackers first accessed its dataCNN
Equifax released the first hack on September 2017 after which it was exposed to the data breach discovered in the company. It is a matter of general responsibility of every company and organization which operates in any sector of the economy to pay attention to user security of information. Most of the time companies prefer selling user information to maximize profits from illegitimate sources. This kind of behavior is largely condemned by the consumer sector and also the companies falling from the proper protocols of user privacy have to pay heavy-duty charges for negligence.