A Georgia court granted final approval for a settlement involving Equifax in a class-action lawsuit following the massive 2017 data breach.
This week an Atlanta federal judge ruled that Equifax will pay $380.5 million to settle lawsuits relating to the 2017 data breach. Additionally, Equifax may be required to shell out an additional $125 million "if needed to satisfy claims for certain out-of-pocket losses."
The $380.5 million will be put into a fund for those consumers impacted that are a part of the lawsuit. This settlement also covers attorneys' fees, expenses and administration costs.
This settlement is slightly higher than what the Federal Trade Commission (FTC) estimated back in July 2019.
As part of the settlement, Equifax is required to pay a minimum of $1 billion to improve security measures, as well as $175 million to 48 states across the U.S. and $100 million in civil penalties to the Consumer Financial Protection Bureau.
Bloomberg claims that the company will also have to ay $1.4 billion in litigation expenses and $77.5 million as a percentage based fee.
Of the 147 million individuals affected by this breach, only 15 million are part of this class action lawsuit.
Class members have until January 22, 2020, to claim benefits. Those impacted can either sign up for 10 years of free credit monitoring or apply for a cash payout, making them eligible for up to $20,000.
Equifax has been in hot water since September 2017 when it disclosed the massive data breach. In this attack, hackers managed to gain access to customers' Social Security numbers, birth dates, addresses, and even driver's license numbers for some customers. The company discovered the intrusion in July 2019, leaving attackers with access to sensitive files for over 12 weeks.
In the wake of a number of recent high profile corporate breaches, including Travelex, Equifax, Marriot Group and Capital One, all of which resulted in heavy operational and financial penalty, NNT has linked up with the Center for Internet Security (CIS) to provide everyone with access to a useful set of tools that will enable easy adoption of the CIS essential controls.
Both in Congress and at a legislative level, there is increasing pressure on organizations to adopt a best practice approach to security through the adoption of an established framework, such as the CIS Controls, in order to mitigate breaches, while at the same time avoiding any subsequent and costly fines. In a recent testimony by John Gilligan CEO for the CIS, he states: “deploying the top five CIS Critical Security Controls can reduce up to 90 percent of known pervasive and dangerous cyber-attacks.”
NNT, in collaboration with the CIS, is urging all customers and prospects to consider this approach. We will show you how you can quickly establish a sensible security strategy based on the essential controls, with access to tools and expertise that will allow you to provably adopt them.