Equifax has agreed to pay up to $700 million to state and federal regulators following the 2017 data breach that exposed the personal information of almost 150 million people. 

The Federal Trade Commission (FTC) announced today that the credit reporting agency will pay at least $300 million and up to $425 million to compensate affected victims with credit monitoring services. The money will go into a fund that will also be used to reimburse people who purchased credit or identity monitoring services due to the breach. The settlement amount could change depending on the number of claims still to be filed by consumers. 

Equifax will also pay $275 million in civil penalties and other compensation to 48 states, Washington, Puerto Rico, and the Consumer Financial Protection Bureau. 

In addition to the monetary relief to its customers, the deal also requires changes to how Equifax handles private user data. The company is required to adjust its information security protocols, including annual assessments of security risks, and receiving the board's certification vowing that the company has complied with the FTC's order. The company is also required to regularly test and monitor the effectiveness of its security safeguards and ensure that any service providers that access personal information stored by Equifax also implement adequate safeguards to protect personal data. 

In its complaint, the FTC alleges that Equifax failed to secure the treasure trove of personal data stored on its networking, leading to the largest breach in US history that exposed millions of names, Social Security numbers, birth dates, addresses, and other personal information that would lead to identity theft or fraud. 

The FTC alleges that Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability affecting its ACIS database. While Equifax's security team ordered that each of the company's vulnerable systems be patched within 48 hours, the company failed to follow up with the employees responsible for the upgrade to ensure the order was carried out. Ultimately, the company did not discover that its ACIS database was unpatched until July 2017, after its security team detected suspicious traffic on its network. 

The FTC is also encouraging Equifax employees who believe the company is failing to meet these data security promises to email the FTC at [email protected]

NNT recommends hardening systems to maintain the highest level of security and hack-proof critical systems. Hardening systems requires all known security vulnerabilities to be eliminated or mitigated. Vulnerability management and maintaining a hardened build standard are inextricably linked to tight change control. Any configuration changes, through patching or other system maintenance, may introduce vulnerabilities to your environment, so visibility and control of changes is an essential security best practice.

 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.