Equifax to Pay Up to 700 Million in 2017 Data Breach Case

July 22, 2019

The CFPB, the FTC, and 48 State AGS today announced a settlement with Equifax arising from the 2017 data breach that compromised personal data of 143 million Americans. The company, which offers authentication services, failed to safeguard the names, addresses, dates of birth and SSNs of 147 million Americans, and then failed to act once aware of the breach. EPIC President Marc Rotenberg testified before the House in 2018 and the Senate in 2017 about the Equifax breach. Rotenberg warned lawmakers and regulators that "the Equifax data breach is one of the most serious in the nation's history." EPIC urged lawmakers to update federal privacy laws and also ensure that the CFPB pursues an effective investigation. In the Harvard Business Review, Rotenberg explained the significance of the breach. "Reforms should not just fix these problems but also aim to transform the industry for the better," he wrote. Under the terms of the settlement, Equifax will pay up to 425 million to consumers impacted by the breach as well as a 100 million civil fine. EPIC has recently renewed calls for the creation of a US Data Protection Agency.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.