It's hard to imagine any organization agreeing to a $700 million settlement after a data breach, but Equifax just did.
And it is exactly what Equifax is calling it: a comprehensive resolution of significant U.S. consumer-related litigation and regulatory matters facing the company related to its 2017 cybersecurity incident.
The resolution includes settlement agreements that would resolve the multi-district consumer class action litigation, as well as investigations by the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), the Attorneys General of 48 states, Puerto Rico and the District of Columbia, and the New York Department of Financial Services (NYDFS).
The settlement would establish a $425 million fund:
It also has agreed to make payments totaling $290.5 million directly to certain state and federal regulatory agencies and to pay attorneys' fees and costs in the multi-district litigation.
Equifax CEO Mark Begor spoke about the settlement in an early morning conference call on July 22, 2019:
"This comprehensive settlement is a positive step for U.S. consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company.
The consumer fund of up to $425 million that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data - and reflects the seriousness with which we take this matter.
We have been committed to resolving this issue for consumers and have the financial capacity to manage the settlement while continuing our $1.25 billion EFX2020 technology and security investment program.
We are focused on the future of Equifax and returning to market leadership and growth."
A court must still approve this Equifax data breach resolution. And it will be interesting to see how the settlement is discussed on an Equifax earnings call later this week.