On Monday it was announced that Equifax will pay up to $700 million in a settlement with the Federal Trade Commission. The settlement will end the numerous federal and state lawsuits filed against Equifax after the 2017 data breach.
The attack initially occurred after the company failed to patch a vulnerability in their systems, one they had learned about months earlier. The breach, now considered one of the largest in history, exposed personal information such as names, social security, and payment information of over 145 million users. In short, the fines amount to about about $4 per impacted person.
In Monday’s settlement, Equifax agreed to pay a minimum of $380.5 million in restitution funds for consumers effected by the breach. The company will add up to $125 million more to the fund if the initial amount runs out. Equifax will also provide free credit monitoring services for those effected.
Alongside the restitution fund, Equifax will pay $175 million in order to end investigations by 50 state attorneys general, and an additional $100 million to end investigations by the Consumer Financial Protection Bureau and the Federal Trade Commission.
The settlement will now go to the courts for approval. After that, consumers will be able to file a claim for credit monitoring, identity restoration services, and cash payments of up to $20,000. Information on the settlement and claims will be updated here.
Business as Usual?
With Equifax making $3.4 billion in revenue in 2018, the settlement adds up to about 20% of their revenues (Equifax already took a charge of 690 million in Q1 of this year in anticipation of the fines. However, after an initial drop in stock price, the company has largely recovered financially from the scandal. As of today, Equifax’s stock remains unaffected by news of the settlement.
Alongside Equifax, several large tech companies are beginning to face fines for mishandling consumer information. In March, it was announced the E.U. would fine Google $1.7 billion and earlier this month the FTC approved a $5 billion fine against Facebook. The question that needs to be asked now is how effective these fines really are. Will they be effective as a deterrent or will these large corporations simply factor them into the cost of business?
From the standpoint of consumers, it’s beginning to seem like real change will only occur through a mix of government regulation and, perhaps more importantly, market demand. It will be up to consumers to demand that their privacy is not something to be taken lightly.