2017 Data Breach Will Cost Equifax At Least $1.38 Billion
Equifax announced on Monday that it has agreed to a record-breaking settlement related to its massive 2017 data breach, which exposed the personal and financial records of more than 148 million people. The settlement requires the beleaguered credit ratings agency to spend at least $1.38 billion to resolve consumer claims against it. It creates a non-reversionary fund of $380.5 million to pay benefits to the class of consumers harmed by the breach, including cash compensation, credit monitoring, and help with identity restoration.
At any rate, once the breach was publicized, Equifax's immediate response did not win many plaudits. Among their stumbles was setting up a separate dedicated domain, equifaxsecurity2017.com, to host the site with information and resources for those potentially affected. These sorts of lookalike domains are often used by phishing scams, so asking customers to trust this one was a monumental failure in infosec procedure. Worse, on multiple occasions official Equifax social media accounts erroneously directed people to securityequifax2017.com instead; fortunately, the person who had snapped up that URL used it for good, directing the 200,000 (!) visitors it received to the correct site.
That doesn't mean the Equifax breach cost the company nothing, though. Two years after the breach, the company said it had spent $1.4 billion on cleanup costs, including "incremental costs to transform our technology infrastructure and improve application, network, [and] data security." In June 2019, Moody's downgraded the company's financial rating in part because of the massive amounts it would need to spend on infosec in the years to come. In July 2019 the company reached a record-breaking settlement with the FTC, which wrapped up an ongoing class action lawsuit and will require Equifax to spend at least $1.38 billion to resolve consumer claims.
This was a lot of anguish just to find out if you were one of the unlucky 40 percent of Americans whose data was stolen in the hack. Things have settled down in the subsequent years, and now there's a new site where you can check to see if you're affected, with yet another somewhat confusing name: eligibility.equifaxbreachsettlement.com/en/Eligibility.
First the good news: worldwide, the average cost of a data breach has fallen nearly half a million dollars compared to last year. A data breach of 100,000 records or less now costs about $3.8 million on average, though this figure varies from nation to nation.
Compared to 2015, this list looks quite different. Throughout the last five years, healthcare has remained the most expensive industry for a data breach overall, though the cost fell from $8.6 million in 2015 to $7.1 million today. In 2015, the education and communication industries sat in the top five most-costly breaches, and have since fallen down the list.
As first reported by BankInfo Security, the federal judge has given final approval for a settlement that deals with a class action lawsuit against Equifax. Mirroring an agreement reached between Equifax and the Federal Trade Commission last year, the settlement sees the tens of millions of Americans affected by the breach given the choice between free credit monitoring or a cash payment.
While the cash payment is nominally worth up to $125 per victim, in reality it is likely to be significantly less because of a 31 million disbursement cap on the total pool available. With so many opting for the cash payment option, the FTC has urged people to instead take the free credit monitoring. Anyone wishing to take the cash has until 22 January to make a claim.
A far larger slice of the settlement - around $1 billion - is dedicated to making security upgrades in the wake of the breach, which compromised the personal information of around 145 million Americans. A Senate investigation found numerous failings by the credit rating agency both before and after the breach. The investigation found problems with Equifax's cyber-approach going back way before the breach. The firm had no standalone written corporate policy governing the patching of known cyber vulnerabilities until 2015.
Even when this was remedied and an audit found thousands of vulnerabilities, several issues were not actually addressed before the 2017 attack.
And once the hackers were inside Equifax's systems, the damage could have been minimised but usernames and passwords were saved on a file share by employees - a move designed to make business more efficient. In addition, Equifax did not have basic tools in place to detect and identify changes to files.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history.
Equifax failed to catch such a large exfiltration of data because a security certificate on a traffic monitoring device had expired, the report says. The breach was immediately detected on July 29, 2017, when Equifax updated the security certificate.
Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging to some 147 million Americans, under the terms of a settlement approved by a federal judge.
Under the terms of the settlement, Equifax will deposit the $380.5 million into a fund where members of the class action suit can withdraw up to $20,000, if they can prove out-of-pocket losses. Equifax may also be required to add $125 million for additional out-of-pocket claims, and spend at least $1 billion on improving its data protection capabilities.
On September 26, 2017, CNBC reported that Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people.
As our world has become increasingly reliant on technology and data stored online, data breaches have become an omnipresent threat to users, businesses, and government agencies. In 2021, a new record was set with more than 5.9 billion user records stolen.
The largest data breach recorded occurred in 2013 when all three billion Yahoo accounts had their information compromised. In that cyberattack, the hackers were able to gather the personal information and passwords of users. While the full extent of the Yahoo data breach is still not fully realized, subsequent cybercrimes across the globe have been linked to the stolen information.
A 2021 IBM security report estimated that the average cost per data breach for companies in 2020 was $4.2 million, which represents a 10% increase from 2019. That increase is mainly attributed to the added security risk associated with having more people working remotely due to the COVID-19 pandemic.
Regardless of the measures businesses take, the unfortunate reality is that data breaches are a cost of doing business in the modern world and will continue to be a concern to both companies and users.
In the aftermath of a breach, companies are quick to express that lessons will be learnt. Unfortunately, in a case of history repeating itself, the Canada Revenue Agency was once again hitting the headlines. In 2017, just 3 years after Heartbleed, the agency had to shut down its website for filing federal taxes due to falling victim to the open source Apache Struts2 vulnerability.
A well-known example is the Equifax data breach in 2017, which remains one of the largest cybercrimes related to identity theft. The private records of 147.9 million Americans along with 15.2 million British citizens and approximately 19,000 Canadian citizens were compromised in the breach.
Recent estimates suggest the 2017 Equifax data breach cost the company at least $1.38 billion, with some sources suggesting the final bill could be closer to $2 billion. The root cause of the data breach was the failure to patch a known open-source web application security flaw. The company effectively left the door open for cyber criminals to walk in and wreak havoc.
Cybercrime has become a highly lucrative operation; it is not going away and is only set to worsen as companies continue to engage digital technology. Many have taken out cyber insurance to insulate themselves from the punishing costs of cyber-attacks and data breaches.
Log4j was originally released in 2001, and over the last 20 years it has been used in billions of software developments and applications across the world. Log4j is used for logging incidents within software by everything from the humble 404 error message to gaming software such as Minecraft and cloud providers such as iCloud and Amazon Web Services, as well as all manner of software and security tools. On 9 December 2021, the zero-day vulnerability in the Java logger Log4j 2, known as Log4Shell, sent shockwaves across organisations as security teams scrambled to patch the flaw. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software causing untold damage, not least to brand reputations.
Shares of Equifax gained 50.5% in 2019, according to data from S&P Global Market Intelligence. The credit-reporting company's stock rose thanks to a series of earnings beats and with the shadow of the big 2017 data breach receding further into the rear view.
The company's shares wound up roughly flat in 2017 after recovering from the data-breach sell-off and then fell roughly 21% in 2018 after a weak quarterly report and sell-offs for the broader market hit at the end of the year. With market momentum at its back and four consecutive quarterly reports that topped earnings estimates, Equifax stock was able to post a substantial recovery last year.
Although the company's earnings dipped in three of the four quarters reported last year, profits came in higher than the average analyst target in each quarter. Equifax's revenue and earnings performance also looked better on a currency-adjusted basis, and investors rewarded the solid performance by pouring back into the company's stock. At the end of the 2019 rally, shares traded roughly in line with the value that they had achieved before the 2017 data breach.