$700m fine hikes Equifax data breach bill to over $2bn

The cost of the 2017 Equifax data breach is set to go up by another $700m (£562m) following a settlement with the US Federal Trade Commission, on top of the $1.35bn (£1.1bn) the firm has already shelled out, bringing the total bill – so far – to over $2bn (£1.6bn).
Branded “the greatest security catastrophe of modern times”, the incident affected more than 147 million people worldwide and led to the “retirement” of then CEO Richard Smith as well as a raft of senior executives.
Two former tech chiefs have also been found guilty of insider trading; ex-chief information officer Jun Ying was handed a four month jail term – and a massive fine – earlier this month.
Initially Equifax attempted to kick out the mass lawsuits by insisting they were based on an “attenuated theory of liability” that was unprecedented, arguing that a 566-page complaint dossier on behalf of consumers was “long on words” but “short on operative facts”.
It has been reported that the $700m settlement resolves investigations by the FTC, the Consumer Financial Protection Bureau and most state attorney generals. It would also resolve a nationwide consumer class-action lawsuit, although there could still be further action outside of the US.
In the UK, Equifax was fined just £500,000, the maximum permitted under the Data Protection Act 1998. Under GDPR, the maximum fine could have been over £102m, 4% of the firm’s £2.55bn global turnover.
Even so, the $2bn bill dwarfs previous estimates that the breach would cost the business a record $600m (£432m), once regulatory and legal action was completed.

Share with friends and colleagues

Related Articles