Equifax has agreed to pay up to $700 million to state and federal regulators following the 2017 data breach that exposed the personal information of almost 150 million people. 

The Federal Trade Commission (FTC) announced today that the credit reporting agency will pay at least $300 million and up to $425 million to compensate affected victims with credit monitoring services. The money will go into a fund that will also be used to reimburse people who purchased credit or identity monitoring services due to the breach. The settlement amount could change depending on the number of claims still to be filed by consumers. 

Equifax will also pay $275 million in civil penalties and other compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. 

In addition to the monetary relief to its customers, the deal also requires changes to how Equifax handles private user data. The company is required to adjust its information security protocols, including annual assessments of security risks, and receiving the board's certification vowing that the company has complied with the FTC's order. The company is also required to regularly test and monitor the effectiveness of its security safeguards and ensure that any service providers that access personal information stored by Equifax also implement adequate safeguards to protect personal data. 

In its complaint, the FTC alleges that Equifax failed to secure the treasure trove of personal data stored on its networking, leading to the largest breach in US history that exposed millions of names, Social Security numbers, birth dates, addresses, and other personal information that would lead to identity theft or fraud. 

The FTC alleges that Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability affecting its ACIS database. While Equifax's security team ordered that each of the company's vulnerable systems be patched within 48 hours, the company failed to follow up with the employees responsible for the upgrade to ensure the order was carried out. Ultimately, the company did not discover that its ACIS database was unpatched until July 2017, after its security team detected suspicious traffic on its network. 

The FTC is also encouraging Equifax employees who believe the company is failing to meet these data security promises to email the FTC at [email protected]

NNT recommends hardening systems to maintain the highest level of security and hack-proof critical systems. Hardening systems requires all known security vulnerabilities to be eliminated or mitigated. Vulnerability management and maintaining a hardened build standard are inextricably linked to tight change control. Any configuration changes, through patching or other system maintenance, may introduce vulnerabilities to your environment, so visibility and control of changes is an essential security best practice.

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.