U.S. Consumer Credit Reporting Agency Equifax Must Spend “a minimum of USD 1 billion” for Data Security
A massive data breach that was “entirely preventable” will cost U.S. credit-reporting agency Equifax another USD 1 billion to beef up its cyber-security efforts.
Last year, Equifax agreed to pay up to USD 700 million in a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and a coalition of 50 attorneys general. The investigation found Equifax failed to take basic measures to secure its network that led to a September 2017 data breach that affected approximately 147 million people. In addition, Equifax agreed to pay USD 300 million to a Consumer Restitution Fund that will provide affected consumers with credit-monitoring services, bringing their total close to USD 1 billion.
According to court documents, disclosed on 13 January 2020 by the U.S. District Court for the North District of Georgia, Equifax must spend “a minimum of USD 1 billion for data security and related technology over five years and comply with comprehensive data-security requirements. Furthermore, Equifax’s compliance will be audited by an experienced, independent assessor and subject to this court’s enforcement powers.”
More information and the court documents: