FTC announces final settlement of 2017 Equifax data breach
Here’s a timely reminder for business leaders about the long-term impact of a data breach and the importance of immediately disclosing a cyberattack.
The Federal Trade Commission announced this week that a multimillion-dollar settlement with credit reporting firm Equifax over a range of data from 2017 became final in January.
As the FTC website recounts, “In September 2017, Equifax announced a data breach that exposed the personal information of 147 million people. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau and 50 US states and territories. The settlement includes up to $425 million to help those affected by the data breach.
The federal agency informed consumers that the settlement administrator recently began sending emails and letters to people who filed a valid claim requesting free credit monitoring services from the settlement. Eligible applicants will receive a free membership to Experian Identity Works for four years.
Equifax noted on its website that “A federal court has approved a class action settlement that resolves lawsuits brought by consumers after the data breach. Equifax has denied any wrongdoing and no judgment or finding of wrongdoing has been rendered.
The data breach made national headlines in 2017.
As reported by USA today on September 18 of the same year, “Equifax CEO Richard Smith faces a cataclysmic crisis that threatens not only his job, but the survival of his company.
“Corporate America is no stranger to such existential moments. The question for Equifax is whether Smith is following the example of Tylenol after a deadly product tampering, BP after a deadly oil spill, or JetBlue after a disruptive ice storm.
“Hackers stole the personal information of 143 million people from Equifax credit files, leaving them vulnerable to identity theft. The information includes names, dates of birth, addresses and social security numbers.
“A breach of sensitive personal data may be impossible to repair. The second breach of customer trust can be just as difficult.
On September 26, 2017, CNBC reported that “Richard Smith, CEO and President of Equifax, abruptly retired on Tuesday following a credit reporting service data breach that affected the personal information of 143 millions of people.
“The breach has triggered multiple investigations at the state and federal levels, including the Department of Justice in Atlanta, where Equifax is based, and the Federal Trade Commission. The company said its chief information officer and chief security officer retired earlier this month.
“Three other executives, including the chief financial officer, came under scrutiny for selling $1.8 million of company stock just days after the breach was discovered internally, but nearly six weeks before it is announced to the public.”
Late disclosure triggers investigations
Equifax’s failure to disclose the data breach for six weeks has prompted headlines and additional investigations.
According to the wall street journal in October 2017, “Attorneys General in at least five states are examining why credit-reporting firm Equifax Inc. failed to notify the public for nearly six weeks of the massive data breach that potentially compromised information of 145.5 million Americans.
“As the broader investigation into the Equifax breach continues, some state officials want to know why Equifax didn’t speak out sooner. The investigations are aimed at determining whether Equifax violated state laws. requiring companies to promptly notify consumers when cyber thieves steal personal data.
The crisis was the subject of a detailed report by the American General Accountability Office and an in-depth analysis by Bloomberg Businessweek.