Big Breach Leads to Bigger Compensation

What is your identity worth?

Following extensive state and federal investigations, a settlement was reached this month regarding the notorious Equifax breach.  To compensate for the millions of individuals affected by the 2017 data break, the credit reporting agency has agreed to provide $300 million worth of monitoring services to affected consumers and $175 million to settle legal disputes with 48 states.  If it is determined, however, that the $300 million amount for services is not enough, then there is a stipulation stating the amount will increase another $125 million.  Equifax must also pay a $100 million fine to the Consumer Financial Protection Bureau.  In addition, the company must update and enhance their data security, to avoid any future computer-oriented crimes from taking place.    

As a result of the Equifax data breach, an expected 145 million Americans are potentially placed at risk of identity theft. Equifax serves as a credit reporting agency, and following the breach, millions of Social Security, driver’s license, and credit card numbers of consumers were compromised.  Other pieces of identifiable information taken in the breach were names, birth dates, and addresses.  Despite the initial cyber-attack in March 2017, the Atlanta, Georgia based company claims to have only discovered the breach on July 29, 2017.  The public was then notified in September 2017.  According to several claims, hackers tapped into a hole in Equifax’s company portal, where they were able to access the sensitive information.  Allegedly, Equifax employees were aware of the hole, but failed to act promptly to fix the issue.

Due to the company’s negligence, Equifax is being held responsible in more ways than one.  Not only does the company have to pay a hefty fine and settlement that will reach $700 million, but the business side of Equifax is suffering.  CEO Richard Smith retired under pressure, leaving the company in September 2017.  The stock of the company also tanked, affecting the financial stability of the company.  Perhaps the most important effect of the breach, however, is the risk to the identity of the individual consumer.