According to The Wall Street Journal, Equifax will pay around $700 million to settle with the Federal Trade Commission over the 2017 data breach.
The security breach suffered by Equifax in 2017 exposed private information of nearly 150 million individuals. Compromised records included names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also the credit card numbers and driver license numbers.
“Under the agreement, the credit-reporting firm would pay around $700 million to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general, according to people familiar with the matter. The deal would also resolve a nationwide consumer class-action lawsuit, they said.”
According to unnamed sources familiar with the matter, that settlement could be announced as soon as Monday.
Back in 2017, attackers exploited the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affected the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.
Early 2019, the company confirmed that it had set aside around $690 million to cover anticipated settlements and fines.
“In a May securities filing, Equifax said it had set aside $690 million to cover expenses pertaining to investigations and lawsuits. Chief Executive Mark Begor told analysts that month that a global settlement was in the works that would cover “many of the significant issues facing the company.” concludes the WSJ.