Equifax, one of the three credit reporting firms in the US, suffered a massive data breach in 2017 that exposed the personal and financial state of literally half the country (more than 150 million people). As a result, Equifax was ordered to pay a hefty $700 million fine to settle a series of Federal and State investigations. While the size of the fine sounds impressive, digging deeper reveals it to be a bit underwhelming.
Only $425 million of that fine will go into a fund designed to actually reimburse impacted customers. However, Equifax will be allowed to earmark an unspecified portion of that to provide free credit monitoring services to anyone who was impacted by the breach.
Here’s the problem: free credit monitoring is actually a money-maker for Equifax because of the way the “free” service is offered. It’s free for a year, and then automatically converts to a paid service. Given that most people don’t pay close attention to that sort of thing, a significant percentage of customers will continue paying Equifax for its credit monitoring service, which essentially sees the company profiting from its own data breach.
In any case, impacted customers will be eligible for a small amount of money from Equifax if their data was compromised. The company is on the hook for paying some $300 million in fines and civil penalties across 50 states and to the Consumer Financial Protection Bureau.
On top of that, the company has been ordered to provide all American consumers (whether they were impacted by the breach or not) six free credit reports each for the next seven years. This is in addition to the one free annual credit report they already get beginning in January 2020.
It’s a decent settlement, but it lets Equifax off the hook too easily. That is especially true given that the company can turn one of the largest data breaches in American history into a profit center. The CFPB could have and should have demanded more.