The news of the day is that “Equifax will pay about $650 million — and perhaps much more — to resolve most claims from a 2017 data breach” according to the New York Times. Some estimates are that the breach will cost Equifax closer to $2 billion. For now, the New York Times says on this settlement, which is pegged as the largest ever data breach penalty:
- Almost half the settlement — $300 million — will go toward American consumers who were harmed by the breach, according to settlement documents filed in federal court in Atlanta.
- The company also agreed to pay $275 million in fines to end investigations by the Consumer Financial Protection Bureau, the Federal Trade Commission, and 48 states, plus the District of Columbia and Puerto Rico.
- Equifax agreed to provide up to 10 years of free credit monitoring services to all victims of the breach in the United States, an offer that could prove costly. Equifax is paying one of its competitors, Experian, to provide that service for the first four years, but the settlement assumes only about seven million people will sign up.
The full text of the settlement, in all of its 554 pages, can be found here.
The NYT indicates the prescribed fine could be just the tip of the iceberg if consumers take advantage of the free monitoring.
- That means the ultimate size of the settlement could change. Every additional million consumers who opt-in would cost Equifax more than $16 million, according to the settlement documents.
- If all 147 million victims of the breach were to take part, the monitoring services would cost Equifax more than $2 billion.
- “If people want Equifax to pay more, sign up for credit monitoring,” said Norman E. Siegel, a lawyer representing consumers in the settlement.
In several days, consumers will be able to check the court-approved website to see if they are eligible. If you are, you can choose between free credit monitoring or $125 in cash payment.
The settlement will not put Equifax out of business, but it will sting.
- The current settlement figure of about $650 million is a bit less than one typical quarter of sales for Equifax. Last year, the company earned $300 million, a 49 percent drop from its income a year earlier, on sales of $3.4 billion. Equifax’s stock price tumbled after the breach but has since recovered most of its losses.
There is one thing we know for sure: this won’t be the last, large data breach. Since this occurrence, Marriott “disclosed that thieves had stolen personal details on roughly 500 million guests” and title insurance company First American Financial Corporation left 900 million documents related to mortgage deals online and unprotected.
Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group
