Advertisement

Equifax paying settlement of $650M to $700M after major data breach: reports

Click to play video: 'Equifax reportedly knew for months about cyber-security vulnerability' Equifax reportedly knew for months about cyber-security vulnerability
Sept. 15, 2017: Equifax reportedly had two months to prevent its massive data breach, but failed to install a software fix. – Sep 15, 2017

Equifax is set to pay out as much as $700 million in a settlement after millions of people’s data — including in Canada — was breached in 2017, reports said Friday

Reports varied on the settlement’s amount, however.

The Wall Street Journal reported that the credit monitoring agency is preparing to pay the money in an effort to settle investigations with the Consumer Financial Protection Bureau, the Federal Trade Commission and a number of state attorneys general, citing unnamed people who were “familiar with the matter.”

WATCH: Oct. 5, 2017 — Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing

Click to play video: 'Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing' Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing
Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing – Oct 5, 2017

The New York Times, meanwhile, reported that the company would pay an amount closer to $650 million, citing two unnamed people who were close to the discussions.

Story continues below advertisement

Equifax was hit by a major hack in 2017 that exposed the information of as many as 143 million Americans and 8,000 Canadians.

The company said at the time that criminals had penetrated the data by exploiting an application between mid-May and July that year.

READ MORE: Equifax data breach affected 8,000 Canadians — not 100,000, review finds

It later turned out that hackers exploited a software flaw that developers hadn’t patched, the Journal noted.

Hackers also managed to scan the company’s network for months using a scanning tool that wasn’t working properly.

The breach saw information such as people’s birthdays, driver’s licence and Social Security numbers exposed.

WATCH: Sept. 8, 2017 — Massive cyber-attack at Equifax could leave millions vulnerable

Click to play video: 'Massive cyber-attack at Equifax could leave millions vulnerable' Massive cyber-attack at Equifax could leave millions vulnerable
Massive cyber-attack at Equifax could leave millions vulnerable – Sep 8, 2017

Equifax CEO Richard Smith retired after news of the cyberattack emerged.

Story continues below advertisement

“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” he said at the time.

His departure followed those of Equifax’s chief security officer and chief information officer.

READ MORE: Equifax CEO retires in wake of damaging cyberattack

As part of the settlement, a fund will be set up to compensate people who had experienced harm due to the breach, with a call centre and website handling claims, the Journal reported.

Equifax will be required to change how it manages consumer data, the newspaper added.

The New York Times noted that the fine is about in line with what Equifax expected to pay, having said in a financial filing that it set aside $690 million for legal costs linked to the hack.

WATCH: July 14 — Desjardins data breach a test of Bill C-59 and its various interfaces

Click to play video: 'Desjardins data breach a test of Bill C-59 and its various interfaces' Desjardins data breach a test of Bill C-59 and its various interfaces
Desjardins data breach a test of Bill C-59 and its various interfaces – Jul 14, 2019

That fine, however, is smaller than what Wells Fargo had to pay — $1 billion — after it settled charges for having forced fees and products on customers.

Story continues below advertisement

Canada’s privacy commissioner said in April that Equifax Canada and its American-based parent “fell far short of their obligations to Canadians.”

The commissioner criticized the company for having “poor security safeguards, retaining information too long, inadequate consent procedures, a lack of accountability for Canadians’ information and limited protection measures offered to affected individuals after the breach.”

  • With files from The Associated Press

Sponsored content