Equifax will pay a minimum of $575 million, and potentially up to $700 million for failing to properly protect people’s data, the company has agreed as part of a settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), 48 states, the District of Columbia and Puerto Rico. The shortcomings in the company’s cybersecurity lead to the catastrophic 2017 data breach impacting 147 million people.
The sum Equifax needs to pay consists of $300 million for a fund to provide credit monitoring services to people affected by the breach. If this amount proves insufficient, the firm will add up to $125 million to the fund. Equifax will also pay $175 million to 50 US states and territories, and $100 million to the CFPB.
FTC Chairman Joe Simons said about the settlement that “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Read more: What you should know about the Equifax data breach settlement