Serviceteam IT Security News

A federal judge has approved a multi-million-dollar settlement to resolve claims made by financial institutions against Equifax following a data breach three years ago. 

Between May and June 2017, cyber-criminals gained access to around 150 million records of Atlanta-based credit monitoring service Equifax by exploiting an unpatched Apache Struts vulnerability. 

The breach impacted roughly 56% of America’s population and millions of consumers in the UK, costing Equifax over $1.35bn in losses.

Information exposed included names, Social Security numbers, dates of birth, addresses, and in some cases, driver license numbers.

A suit brought against Equifax by financial institutions after they were forced to absorb the expense of the breach has now been settled. 

Chief Judge Thomas Thrash of the Northern District of Georgia gave final approval to the $7.75m settlement yesterday during a hearing held via Zoom. Legal fees of $2m were included in the resolution. 

As part of the agreement, Equifax has committed to investing an additional $25m to enhance data security measures tailored to financial institutions. The investment is scheduled to occur over the next two years. 

Thrash described the settlement as “an excellent one” and said that the class lawyers’ request for $2m in legal fees was “appropriate.”

“The fact there were no objections from class members weighs in favor of approving the settlement,” stated Thrash.

Equifax has ring-fenced $5.5m to pay up to $5,000 to each financial institution for costs associated with the theft of customers’ personal information or fraud losses. 

Each of the 21 financial institutions listed as plaintiffs in the multi-district litigation will be paid $1,500 from the fund.

The settlement with the financial institutions is separate from a $1.4bn settlement reached by Equifax in December 2019 with legal representatives of roughly 147 million consumers whose data was exposed in the 2017 breach. Included in that settlement was $77.5m in legal fees and over $1.4m in expenses for class-action lawyers.

In April this year, Equifax agreed to pay $19.5m to settle a separate class-action lawsuit brought by the State of Indiana over the 2017 data breach. 

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!