2017 Data Breach Likely to Cost Equifax Up to $700 Million

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed.

The Wall Street Journal reports that hackers, who “gained access to consumers’ names, Social Security numbers, birth dates and addresses … were able to work their way into Equifax’s systems through a software flaw” — a malfunctioning scanning tool — that the company didn’t patch. Equifax then waited six weeks to disclose the hack, creating a huge backlash: the company’s chief executive retired and numerous state and federal investigations were launched.

“The breach highlighted how little control consumers have over their personal data and how it is shared,” says WSJ, which notes that, “much of Equifax’s revenue comes from the credit reports and other products it sells to lenders, which use the information to evaluate potential borrowers.”

According to sources, the settlement will “establish a fund to compensate consumers for harm suffered because of the breach” and launch a website and call center to handle claims. It will also “require Equifax to make additional changes to how it handles and protects consumer data.” WSJ reports that Equifax is already “on track to spend some $1.25 billion shoring up its security systems and upgrading technology.”

Two years after the data breach, “Equifax is still working to recover … [with] new product sales to U.S.-based lenders … lagging, as are sales of its consumer products.” In 2017, the company “suspended stock buybacks and froze its dividend … to prepare for a potential settlement,” and, in a May securities filing, revealed it had “set aside $690 million to cover expenses pertaining to investigations and lawsuits.”

At a House Financial Services Committee meeting, Equifax chief executive Mark Begor said the company had “taken steps since the breach to help consumers more easily access and fix errors on their credit reports.” “Our culture is shifting,” he said. Congress also passed laws “barring credit-reporting firms from charging fees to freeze and unfreeze credit reports.”