Following a data breach in 2017, Equifax has been made to pay $700 million (£561 million) in the Federal Trade Commission (FTC)’s biggest fine to date.
The credit score agency has been accused of failing to put adequate security in place to protect customer data, resulting in a data breach that has affected millions of people.
The information stolen by hackers in the breach includes 209,000 bank card details, 145.5 million Social Security numbers and 147 million names and dates of birth.
FTC chairman Joe Simons commented, “Equifax failed to take basic steps that may have prevented the breach.” He added, “This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Where will the $700m go?
It is thought that $300 million of the fine will be used as compensation, paid out to cover expenses that victims had to deal with.
Money will also be given to the Consumer Financial Protection Bureau, as well as America’s 50 states, as the company is based in the US.
In connection with the same attack, the UK’s Information Commissioner’s Office has also fined Equifax £500,000 for failing to protect the personal information of 15 million UK citizens.
Did Equifax know there was a problem?
The FTC has said that the credit scoring agency was first made aware of problems in March 2017, when the company’s Automated Consumer Interview System (ACIS) was affected by a critical vulnerability.
The fault meant that, because of the way Equifax’s IT system worked when customers tried to view their credit score, hackers could access the system and steal records held by the firm.
Although an order was given to patch these vulnerabilities, the FTC suggested that Equifax did not check that this had been done, resulting in the loss of millions of customer records. The watchdog also says that the data, which was stolen over a period of months, wasn’t encrypted, making it even easier for hackers to gain access to it.
After the fine, the credit-focused company has now agreed to carry out annual security tests and submit an assessment of its findings every 1 to 2 years.