Equifax has agreed to pay as much as $700m (£562m) as part of a settlement with the US regulator following a 2017 data breach that exposed the personal data of almost 150m people.
The Federal Trade Commission (FTC) accused the credit rating agency of failing to secure personal information stored on its system.
Equifax will pay up to $425m to a fund that will provide credit monitoring services to affected companies. The remainder of the fine will be paid to US states and the Consumer Financial Protection Bureau.
“Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers,” said FTC chairman Joe Simons.
“This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
The FTC said hackers were able to access a “staggering” amount of data, such as social security numbers, credit card details and birth dates.
It said Equifax had failed to implement basic security measures, and accused the firm of storing customers’ information in plain text.
In addition to the fine, the settlement requires the firm to roll out a new security programme to improve its data protection.
Last year the Information Commissioner’s Office – the UK’s data regulator – fined Equifax £500,000 for the same breach, which affected roughly 15m British citizens.