Monday 22 July 2019 1:18 pm

Equifax fined up to $700m for massive data breach

Equifax has agreed to pay as much as $700m (£562m) as part of a settlement with the US regulator following a 2017 data breach that exposed the personal data of almost 150m people.

The Federal Trade Commission (FTC) accused the credit rating agency of failing to secure personal information stored on its system.

Read more: Equifax fined maximum £500,000 for data breach affecting £145m

Equifax will pay up to $425m to a fund that will provide credit monitoring services to affected companies. The remainder of the fine will be paid to US states and the Consumer Financial Protection Bureau.

“Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers,” said FTC chairman Joe Simons. 

“This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”

The FTC said hackers were able to access a “staggering” amount of data, such as social security numbers, credit card details and birth dates.

It said Equifax had failed to implement basic security measures, and accused the firm of storing customers’ information in plain text.

Read more: Marriott International to be fined £99m for data breach

In addition to the fine, the settlement requires the firm to roll out a new security programme to improve its data protection.

Last year the Information Commissioner’s Office – the UK’s data regulator – fined Equifax £500,000 for the same breach, which affected roughly 15m British citizens.

Main image credit: Getty