Equifax has to pay affected clients as much as US$700 million following a major data breach incident in 2017.
The cyberattack launched against Equifax in 2017 exposed the information of over 143 million people. According to the consumer credit reporting agency, the attackers had exploited an application sometime between May and July in 2017.
However, it turned out that the hackers had exploited a software flaw that the developers failed to patch. Reportedly, Equifax had two months to install a software fix to prevent the breach, but failed to do so in time.
Two people close to the matter told The New York Times that Equifax would have to pay US$650 million to settle investigations with the Consumer Financial Protection Bureau, the Federal Trade Commission, as well as several state attorneys general.
Wall Street Journal added that as part of the settlement, a fund will be set up to compensate people affected by the breach. There will also be a call centre and a website handling consumer claims. In addition, Equifax will be required to change that way it manages consumer data.
In April, the Office of the Privacy Commissioner of Canada came to the conclusion that both Equifax Canada and its parent company failed to meet its privacy obligations. The credit reporting agency has agreed to enter into a compliance agreement following the decision, and will submit third-party audit reports on its own security detail every two years.