Data-spaffing consumer credit biz Equifax is offering a package of roughly $700m in order to kill off lawsuits regarding its 2017 super-cyber-heist.
The credit reporting agency announced on Monday it has proposed the payout in hopes of settling class-action suits, as well as state and federal investigations, over its conduct before and after hackers ransacked its systems and gained access to more than 145 million peoples' personal information.
The settlement proposal has yet to be accepted by judges in the cases, though the US Federal Trade Commission, Consumer Financial Protection Bureau, and attorneys general of the 50 states and territories suing Equifax have all signed off on it.
The terms of the deal include a consumer restitution fund that will range from $300m-425m, depending on how many people file claims. In addition $175m will go to the states and territories, and another $100m will be earmarked for the CFPB. Equifax also agreed to cover the attorney fees and costs for the litigation.
It basically amounts to about four or five bucks per person affected by the database intrusion. Having said that, you can, if the courts approve this settlement, claim free credit monitoring or $125 cash, if you were affected by the cyber-intrusion, or apply for a compensation up to $20,000 if you were particularly hit, via this website set up by Equifax.
"Companies that profit from personal information have an extra responsibility to protect and secure that data," FTC chairman Joe Simons said of the proposed deal.
Equifax reveals full horror of that monstrous cyber-heist of its serversREAD MORE
"Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud."
Meanwhile, Equifax execs are hoping the massive payout will draw a line under the fallout from the 2017 mega-hack and allow the credit reporter to push its other projects.
"This comprehensive settlement is a positive step for US consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company," Equifax CEO Mark Begor said.
"The consumer fund of up to $425m that we are announcing today reinforces our commitment to putting consumers first and safeguarding their data – and reflects the seriousness with which we take this matter."
Not everyone is so happy with the settlement package, however. US Sen. Ron Wyden (D-OR) put out a statement on Monday blasting the proposals and arguing that company execs should have been personally prosecuted for their negligence in handling the personal information of others.
"Equifax leaders knew its security was pitifully weak and yet did nothing to correct it, according to the FTC. In a just world, these executives would be going to jail," reads Silicon Ron's statement to El Reg.
"No one should be able to collect deeply sensitive information on 200 million people without their consent, treat it with reckless disregard and then just pay a fine when a predictable, easily avoidable hack takes place." ®