Friday, July 19, 2024

Equifax to Pay Nearly $650 Million as Fine Over 2017 Data Breach

Equifax is to pay a massive fine of around $650 million following the 2017 data breach that exposed the records of 145 million customers. The exposed data includes names, addresses, driver's license numbers, and Social Security numbers.

The company is expected to pay around $650 million to settle federal and state investigations and customer claims associated with the data breach.

The Equifax data breach happened in September 2017; hackers exploited a known vulnerability to harvest customers' data from Equifax servers.

According to the NYTimes report, “Equifax said it had set aside $690 million to cover the anticipated legal costs of the hacking. It has also spent hundreds of millions of dollars on improving its technology systems and on free credit report monitoring services.”

Equifax Fine

The ICO investigation found that the Equifax data leak exposed UK customers. The UK’s Information Commissioner’s Office said that “the UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information.”

The investigation was carried out under the Data Protection Act 1998 and not the current GDPR, because the new regulation applied in the UK from 25 May 2018. The ICO found that the security measures Equifax had in place were inadequate and ineffective.

“We are determined to look after UK citizens’ information wherever it is held. Equifax Ltd has received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its policies and controls as well as the law,” said Elizabeth Denham, Information Commissioner.

The ICO investigation also found that Equifax Inc was warned by DHS earlier, in March 2017, to address the vulnerability, but the vulnerability was not properly patched.

“Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it. Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations,” Ms. Denham added.

Earlier this month, Marriott International and British Airways were fined under the GDPR for failing to protect customer data.



Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
