The massive 2017 data breach in Equifax compromised more than 140 million sensitive data, including social security numbers, payment card details, among others. Recently, data protection specialists reported that the company had reached an agreement with U.S. government agencies, an agreement that included payment of about $650M USD for damage repair.
One of the highlights of the agreement is the
creation of a fund of around $380M USD to compensate the users affected by the
incident; in addition, Equifax undertook to add another $100 million if the
authorities concluded that the data breach resulted in losses greater than the
initial amount of the fund.
According to data protection experts, the agreement
also includes the money Equifax has had to invest in hiring credit monitoring
services, a service offered for free to the company’s millions of
To begin with, people affected by the data
breach will be able to aspire to compensation for the time they spent
trying to protect their information. In addition, they may also claim a refund
of up to $20k USD for traceable monetary losses.
The current CEO of the company stated:
“This is a great deal for the benefit of American consumers; it will also
help us move towards consolidating our role as a leading company in the field
implementing a complete IT security environment, so the security of our
customers’ information will become the company’s most important asset.”
According to data protection specialists from
the International Cyber Security Institute (IICS), in early 2019 a judge denied
the company a request to dismiss the class action against it. Although this
agreement appears to have imposed a gigantic fine on the company, cybersecurity
experts say that if the authorities really wanted all the victims of the Equifax
data breach to be rewarded, the agreement would establish a amount not less
than $2 billion USD.
Affected users have about six months to demand
compensation based on the impact generated by the incident.