The massive 2017 data breach in Equifax compromised more than 140 million sensitive data, including social security numbers, payment card details, among others. Recently, data protection specialists reported that the company had reached an agreement with U.S. government agencies, an agreement that included payment of about $650M USD for damage repair.
One of the highlights of the agreement is the creation of a fund of around $380M USD to compensate the users affected by the incident; in addition, Equifax undertook to add another $100 million if the authorities concluded that the data breach resulted in losses greater than the initial amount of the fund.
According to data protection experts, the agreement also includes the money Equifax has had to invest in hiring credit monitoring services, a service offered for free to the company’s millions of customers.
To begin with, people affected by the data breach will be able to aspire to compensation for the time they spent trying to protect their information. In addition, they may also claim a refund of up to $20k USD for traceable monetary losses.
The current CEO of the company stated: “This is a great deal for the benefit of American consumers; it will also help us move towards consolidating our role as a leading company in the field implementing a complete IT security environment, so the security of our customers’ information will become the company’s most important asset.”
According to data protection specialists from the International Cyber Security Institute (IICS), in early 2019 a judge denied the company a request to dismiss the class action against it. Although this agreement appears to have imposed a gigantic fine on the company, cybersecurity experts say that if the authorities really wanted all the victims of the Equifax data breach to be rewarded, the agreement would establish a amount not less than $2 billion USD.
Affected users have about six months to demand compensation based on the impact generated by the incident.