A deal could be announced as early as today that Equifax will pay as much as $700 million to settle investigations from the Federal Trade Commission, Consumer Financial Protection Bureau, and state Attorneys General stemming from a 2017 data breach that exposed the personal information of nearly 150 million individuals.
News of the settlement was published late Friday night.
Labeled as one of the biggest data breaches in history, the hack allegedly occurred because Equifax failed to apply a security patch that was released to address a vulnerability. The patch was released two months before the hack occurred. Hackers gained access to names, birth dates, Social Security numbers, and driver’s license numbers.
Interestingly enough, the information that was stolen has not shown up “in the kinds of online forums in which stolen personal data is often bought and sold,” according to cybersecurity experts.
The actual amount of the fine to be paid by Equifax was still being negotiated, according to published reports, but would be between $650 million and $700 million. Most of what Equifax pays will go toward compensating individuals who were impacted by the breach, according to the report.
The size of the fine is less than what many may have been expecting, but the FTC has “limited ability to impose fines, which has become challenging as the number and severity of data breaches grow,” according to the report.