Equifax has reached a data breach settlement with the Consumer Financial Protection Bureau (Bureau), the Federal Trade Commission (FTC) and 48 states, the District of Columbia and Puerto Rico.
The effort would provide up to $700 million in monetary relief and penalties. In a complaint and proposed stipulated judgment filed in federal district court in the Northern District of Georgia, the Bureau alleged Equifax engaged in unfair and deceptive practices in connection with the 2017 data breach of Equifax’s systems, impacting approximately 147 million consumers.
CFPB Director Kathleen L. Kraninger said the announcement is not the end of efforts to ensure consumers’ sensitive personal information is safe and secure.
“The incident at Equifax underscores the evolving cybersecurity threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers,” Kraninger said. “Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.”
If the agreement garners the court’s approval, it will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty and other relief, per officials. In total, the settlements would impose up to $700 million in relief and penalties.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” FTC Chairman Joe Simons said. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”