Maryland will receive $5.7 million through a settlement with Equifax over the massive 2017 data breach that exposed the information of more than half of American adults.
The payment to Maryland is part of a wider agreement announced Monday, which includes consumer restitution fund of up to $425 million and civil penalties to the federal government, 48 states, D.C. and Puerto Rico totaling $275 million, according to the office of Maryland Attorney General Brian Frosh. The company will pay up to 700 million, according to the Federal Trade Commission.
Discovered on Sept. 7, 2017, the credit reporting agency affected more than 147 million consumers, becoming the largest breach of consumer data ever. The information breached included social security numbers, names, dates of birth, addresses, credit card numbers and driver’s license numbers. In turn, the company is now paying the largest ever consumer data breach settlement in history.
Frosh spoke at the national press conference on the settlement held Monday morning, as was among the leaders of the investigation.
Our settlement sets a standard all credit reporting agencies, not just #Equifax, must adhere to when protecting consumers’ personal info. pic.twitter.com/A49ZY0UxDj
— Brian Frosh, Former Attorney General of Maryland (@BrianFrosh) July 22, 2019
“Equifax’s data breach affected the personal information of millions of Americans, leaving them vulnerable to identity theft and misuse of their personal records,” Frosh said in a statement. “Our investigation and settlement will result in restitution to affected consumers. It also requires Equifax to make significant changes in the way it does business. Its protection of the personal information that it collects will be enhanced significantly, and Equifax will pay for oversight and monitoring to ensure that it does its job.”
On the Equifax side, the breach was traced to a vulnerability in the company’s ACIS database, “which handles inquiries from consumers about their personal credit data,” the FTC states. Equifax failed to patch the vulnerability when it was first discovered in March 2017, and the breach itself went unnoticed for 76 days, according to Frosh’s office.
The company was ordered to implement an information security program requiring specific measures, including an annual assessment of the program, testing and monitoring and designating an employee to oversee the program.
For consumers, Equifax will offer credit monitoring for 10 years to affected customers, and provide six free credit reports each year for seven years to all U.S. consumers. More information is available via the FTC’s Equifax website.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
3 ways to support our work:- Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
- Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
- Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!