Equifax Inc., one of the three biggest US credit-reporting firms, is about to reach an agreement with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general, under which it will pay a $700 million fine over a 2017 data breach, The Wall Street Journal reported Friday.
The settlement may be announced as soon as Monday, sources familiar with the matter told WSJ. The exact amount of money Equifax will have to pay may change, depending on the number of consumer claims filed.
According to Wall Street Journal sources, the settlement will establish a fund to compensate consumers for harm caused by the breach. A website and a phone line will be created to process claims filed by the victims.
The settlement will also oblige the company to overhaul its security network, a task estimated to cost the company an additional $1.25 billion, the report said.
The 2017 hack exposed nearly 150 million US citizen names, Social Security numbers, birth dates and addresses. According to the report, hackers were able to rummage undetected through the company’s network for months. Equifax did not report the breach for a period of six weeks after it was initially detected.
The scandal led to the resignation of the company CEO and to a Congressional hearing during which lawmakers grilled executives about the company’s handling of consumer data and its inability to report the breach in a timely fashion.
