Equifax suffered one of the biggest security breaches in 2017. Between May and July 2017, cybercriminals accesses about 145.5 million Equifax consumer’s personal data. Equifax also confirmed at least 209,000 consumers' credit card credentials were taken in the attack. The breach also affected residents in the United Kingdom and Canada.
Following this breach, a federal judge in Atlanta has given final approval to a settlement that resolves a class-action lawsuit against Equifax. The company has agreed to set aside a minimum of US$ 380.5 million as breach compensation, whereby the 147 million consumers affected can make a claim.
Equifax will also spend another US$ 1 billion on transforming its information security over the next five years. The 2017 breach was caused by a buggy component in the open-source Apache Struts framework for which a patch was available at the time of the breach.
The settlement is seen as the largest and most comprehensive recovery in a data breach case in US history.
Apart from compensation, Equifax will also provide up to four years of free three-bureau credit monitoring and identify protection services to victims of the data breach. In addition, the company will provide another six years of its own credit monitoring and identity protection service for free.
Judging by this, organisations all around the world should be wary and accountable for the data of their users. Breaches can and will continue to happen as cybercriminals continue to find more advanced ways to exploit data. Organisations need to continue to monitor and update their cybersecurity to ensure they can avoid any unwanted incidences.