July 20, 2019 12:10 am
Updated: July 20, 2019 9:22 am

Equifax paying settlement of $650M to $700M after major data breach: reports

Sept. 15, 2017: Equifax reportedly had two months to prevent its massive data breach, but failed to install a software fix.

A A

Equifax is set to pay out as much as $700 million in a settlement after millions of people’s data — including in Canada — was breached in 2017, reports said Friday

Reports varied on the settlement’s amount, however.

The Wall Street Journal reported that the credit monitoring agency is preparing to pay the money in an effort to settle investigations with the Consumer Financial Protection Bureau, the Federal Trade Commission and a number of state attorneys general, citing unnamed people who were “familiar with the matter.”

WATCH: Oct. 5, 2017 — Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing

The New York Times, meanwhile, reported that the company would pay an amount closer to $650 million, citing two unnamed people who were close to the discussions.

Equifax was hit by a major hack in 2017 that exposed the information of as many as 143 million Americans and 8,000 Canadians.

The company said at the time that criminals had penetrated the data by exploiting an application between mid-May and July that year.

READ MORE: Equifax data breach affected 8,000 Canadians — not 100,000, review finds

It later turned out that hackers exploited a software flaw that developers hadn’t patched, the Journal noted.

Hackers also managed to scan the company’s network for months using a scanning tool that wasn’t working properly.

The breach saw information such as people’s birthdays, driver’s licence and Social Security numbers exposed.

WATCH: Sept. 8, 2017 — Massive cyber-attack at Equifax could leave millions vulnerable


Story continues below

Equifax CEO Richard Smith retired after news of the cyberattack emerged.

“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” he said at the time.

His departure followed those of Equifax’s chief security officer and chief information officer.

READ MORE: Equifax CEO retires in wake of damaging cyberattack

As part of the settlement, a fund will be set up to compensate people who had experienced harm due to the breach, with a call centre and website handling claims, the Journal reported.

Equifax will be required to change how it manages consumer data, the newspaper added.

The New York Times noted that the fine is about in line with what Equifax expected to pay, having said in a financial filing that it set aside $690 million for legal costs linked to the hack.

WATCH: July 14 — Desjardins data breach a test of Bill C-59 and its various interfaces

That fine, however, is smaller than what Wells Fargo had to pay — $1 billion — after it settled charges for having forced fees and products on customers.

Canada’s privacy commissioner said in April that Equifax Canada and its American-based parent “fell far short of their obligations to Canadians.”

The commissioner criticized the company for having “poor security safeguards, retaining information too long, inadequate consent procedures, a lack of accountability for Canadians’ information and limited protection measures offered to affected individuals after the breach.”

  • With files from The Associated Press

© 2019 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Want to discuss? Please read our Commenting Policy first.