Credit reporting agency Equifax is set to pay up to $700 million to the Federal Trade Commission FTC for a 2017 data breach that endangered the personal information of 143 million Americans–the largest settlement ever paid for a data breach.
Equifax will reportedly pay at least $300 million and as much as $425 million to compensate those whose data may have been compromised. The money is designed to reimburse those who purchased identity-monitoring services in the wake of the breach, though this number could change if more people decide to file claims. Equifax will also pay $275 million in civil penalties to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau.
When the breach originally occurred, Richard Smith was ousted from his position as CEO and several executives were accused of insider trading. The hack was the largest breach in U.S. history and was only disclosed three months after Equifax discovered it.
Equifax’s deal with the FTC also has stipulation requiring them to change security protocols regarding the handling of personal information. Included in these protocols is an annual assessment of security risks that the company’s board must sign off on.
The FTC alleges that Equifax failed to protect people’s information despite a claim in its privacy policy stating that the company uses “reasonable physical technical and procedural safeguards” to protect their clients’ data.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach.”
According to the FTC, Equifax is also required to “provide all U.S. consumers with six free credit reports each year for seven years” as part of the settlement.
[Photo Via ABC News Screen Shot]