Equifax is close to reaching a settlement to lay to rest lawsuits brought forward by the US Federal Trade Commission (FTC), state attorneys, and a class-action case relating to the firm’s 2017 data breach.
The security incident was caused by a failure to resolve a known security flaw in Apache Struts, despite a patch being made available two months prior to the breach.
This permitted a hacker to access the credit monitoring company’s systems, leading to the theft of records belonging to over 146 million users.
Names, dates of birth, Social Security numbers, phone numbers, email addresses, and driver’s license details were among the data sets stolen.
Such a severe — and preventable — lapse in security prompted regulators and impacted individuals to take Equifax to task through the legal system. However, according to The Wall Street Journal, a settlement is now on the books and could be revealed as soon as Monday.
See also: Google bought my friend’s face for $5
Under the terms of the deal, Equifax will reportedly pay approximately $700 million in damages. The settlement will resolve claims made by the FTC, the Consumer Financial Protection Bureau, a number of state attorneys, as well as a consumer-focused class-action lawsuit.
However, this figure is not set in stone and may change depending on whether or not additional consumer-focused claims are filed — and this will be made possible with the creation of a consumer claim fund, website, and hotline for victims.
Equifax is yet to fully recover from the data breach. The firm’s chief executive, Richard Smith, stepped down; hundreds of millions of dollars have been spent on shoring up security and securing cybersecurity insurance; Equifax’s ratings outlook has suffered; sales have stagnated, and former employees who profited on the data breach have chipped away at the company’s already-battered reputation.
Equifax is not the only credit monitoring service to suffer an extensive data breach. In 2015, Experian disclosed a data breach which led to the compromise of information — including Social Security numbers — belonging to 15 million consumers.
ZDNet has reached out to Equifax and will update if we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0