Equifax has agreed to pay up to $700m (£561m) as part of a settlement with a US regulator following a data breach in 2017. The Federal Trade Commission had alleged the Atlanta-based firm failed to take reasonable steps to secure its network. The records of at least 147 million people were exposed in the incident. At least $300m will go towards paying for identity theft services and other related expenses run up by the victims. This sum will expand to a maximum of $425m, if required to cover the consumers' losses.
The UK's Information Commissioner's Office has already issued the company with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during the same attack.
As part of the settlement, the FTC said that Equifax had also agreed to:
carry out its own annual audit of security risks;
submit to an external assessment of its security efforts once every two years;
ensure that third parties given access to personal data stored by the firm also have adequate data protection measures in place.
To date, the FTC has fined several organisations that suffered data breaches in the US, aside from Equifax and Uber. The most notable is the fine of USD 5 billion against Facebook.
With breaches being reported unabated in the preceding 12 months, we could see more and more organisations fined by the FTC, which has data breach authority in the US.