The fallout from the massive 2017 data breach that struck credit reporting giant Equifax is still not over. So far, it has cost the company over $1.4 billion, and that figure is still expected to rise substantially.

Equifax is still the subject of over 1,000 consumer lawsuits in state and federal courts. Additional penalties could also still be forthcoming from the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and the New York State Department of Financial Services.

Matthew J. Schwartz reported on Equifax’s woes for BankInfo Security:

Equifax’s data breach resulted in the exposure of the personal data of 148 million individuals in the U.S., or 56 percent of all American adults – representing nearly half of the total U.S. population. The breach also exposed information for 15 million U.K. citizens and about 20,000 Canadians. The breach led to Congressional probes, probes by privacy authorities in the U.K. and Canada, and dozens of lawsuits and formal investigations by state attorneys general. It also led to the departure of the company’s CEO, as well as its top two information security personnel.

A House report into the breach released last December concluded that the breach “was entirely preventable,” while a Senate report from last month concluded that the breach response was “inadequate and hampered by Equifax’s neglect of cybersecurity.”

A U.S. Government Accountability Office report released last September into the 76-day breach, via which attackers slowly exfiltrated data from 51 databases, identified five key factors that contributed to the breach: identification, detection, segmentation and data governance, as well as a failure to rate-limit database requests. Had any one of those factors been better handled, GAO said, the breach may not have occurred (see: Postmortem: Multiple Failures Behind the Equifax Breach).

Equifax had a $125 million cybersecurity insurance policy at the time it was breached, with a $7.5 million deductible. “We have received the maximum reimbursement under the insurance policy of $125 million, all of which was received prior to 2019,” it says.