Jul 22, 2019

Equifax agrees to data breach settlement worth up to $700 million

Equifax, one of the largest credit reporting agencies in the U.S., agreed to a settlement with the Federal Trade Commission on Monday worth up to $700 million — with $425 million going directly to 150 million affected consumers — for its 2017 data breach, per AP.

Our thought bubble, via Axios' Joe Uchill: $700 million is no small payment for any company, but it does break out to less than $5 for each affected consumer. It's worth noting that had this breach taken place under the jurisdiction of current European laws, the fine could have been 2–4% of Equifax's revenue — between 10–20 times larger.

  • At a press conference announcing the settlement, the FTC directed comments to Congress, noting that while the Consumer Financial Protection Bureau and states were able to exact penalties from Equifax, the FTC currently does not have the authority to issue civil fines. The agency hopes Congress will pass comprehensive privacy legislation to address that lack of authority.

Go deeper: Equifax's stolen data hasn't surfaced

Go deeper