Equifax is set to pay out as much as $700 million in a settlement after millions of people’s data — including in Canada — was breached in 2017, reports said Friday
Reports varied on the settlement’s amount, however.
The Wall Street Journal reported that the credit monitoring agency is preparing to pay the money in an effort to settle investigations with the Consumer Financial Protection Bureau, the Federal Trade Commission and a number of state attorneys general, citing unnamed people who were “familiar with the matter.”
WATCH: Oct. 5, 2017 — Citizen activist group sends ‘Monopoly Guy’ to Equifax hearing
The New York Times, meanwhile, reported that the company would pay an amount closer to $650 million, citing two unnamed people who were close to the discussions.
The company said at the time that criminals had penetrated the data by exploiting an application between mid-May and July that year.
It later turned out that hackers exploited a software flaw that developers hadn’t patched, the Journal noted.
Hackers also managed to scan the company’s network for months using a scanning tool that wasn’t working properly.
The breach saw information such as people’s birthdays, driver’s licence and Social Security numbers exposed.
Equifax CEO Richard Smith retired after news of the cyberattack emerged.
“At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” he said at the time.
His departure followed those of Equifax’s chief security officer and chief information officer.
As part of the settlement, a fund will be set up to compensate people who had experienced harm due to the breach, with a call centre and website handling claims, the Journal reported.
Equifax will be required to change how it manages consumer data, the newspaper added.
The New York Times noted that the fine is about in line with what Equifax expected to pay, having said in a financial filing that it set aside $690 million for legal costs linked to the hack.
WATCH: July 14 — Desjardins data breach a test of Bill C-59 and its various interfaces
That fine, however, is smaller than what Wells Fargo had to pay — $1 billion — after it settled charges for having forced fees and products on customers.
Canada’s privacy commissioner said in April that Equifax Canada and its American-based parent “fell far short of their obligations to Canadians.”
The commissioner criticized the company for having “poor security safeguards, retaining information too long, inadequate consent procedures, a lack of accountability for Canadians’ information and limited protection measures offered to affected individuals after the breach.”