The cost of the 2017 Equifax data breach is set to go up by another $700m (£562m) following a settlement with the US Federal Trade Commission, on top of the $1.35bn (£1.1bn) the firm has already shelled out, bringing the total bill – so far – to over $2bn (£1.6bn).
Branded “the greatest security catastrophe of modern times”, the incident affected more than 147 million people worldwide and led to the “retirement” of then CEO Richard Smith as well as a raft of senior executives.
Two former tech chiefs have also been found guilty of insider trading; ex-chief information officer Jun Ying was handed a four month jail term – and a massive fine – earlier this month.
Initially Equifax attempted to kick out the mass lawsuits by insisting they were based on an “attenuated theory of liability” that was unprecedented, arguing that a 566-page complaint dossier on behalf of consumers was “long on words” but “short on operative facts”.
It has been reported that the $700m settlement resolves investigations by the FTC, the Consumer Financial Protection Bureau and most state attorney generals. It would also resolve a nationwide consumer class-action lawsuit, although there could still be further action outside of the US.
In the UK, Equifax was fined just £500,000, the maximum permitted under the Data Protection Act 1998. Under GDPR, the maximum fine could have been over £102m, 4% of the firm’s £2.55bn global turnover.
Even so, the $2bn bill dwarfs previous estimates that the breach would cost the business a record $600m (£432m), once regulatory and legal action was completed.
Equifax chief jailed for ‘abuse of trust’ over 2017 breach
Canadian data regulator to monitor Equifax for 6 years
Former Equifax executive sentenced for insider trading
Equifax first to be hit with maximum £500k data fine
Equifax tries to kill off ‘far fetched’ data breach claims
Equifax hires new chief exec from private equity giant
Equifax could face final bill of $600m for data breach
Former Equifax tech chief charged with insider trading
Flaw on Equifax system was exposed over 6 months ago
44m Brits could be affected by Equifax US data breach
Equifax rocked as mega hack exposes 143m consumers