Equifax, a popular credit score agency, has agreed to pay $700m as part of a settlement for a data breach in 2017. The Federal Trade Commission believes Equifax failed to take proactive measures to secure its network. Consequently, 147 million people had their data exposed in the hack.
$300m is going towards reimbursing the victims for identity theft services and other expenses. That figure may rise to $425m depending on the extent of the consumers’ losses. Additionally, the company must pay a penalty to the Consumer Financial Protection Bureau and all 50 US states and territories.
The Federal Trade Commission chairman Joe Simons explains, “This settlement requires that the company take steps to improve its data security going forward and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
The agency confirms that the hackers copied:
- At least 147m names and birth dates
- Approximately 145.5m social security numbers
- 209,000 payment card numbers and expiration dates
The international response has been similar, with the UK’s Information Commissioner’s Office issuing the company a 500,000 GBP fine for the 15m UK citizens impacted by the breach.
The Data Breach
In March 2017, Equifax was warned that there was a critical vulnerability in one of its databases. The database was used by the public to run their own credit reports, but this feature also provided hackers with an entry point into Equifax’s IT systems.
Following the discovery, Equifax’s security team ordered that the system be patched within 48 hours. Unfortunately, the firm failed to ensure that the work was performed, allowing hackers to steal customers’ personal information over the span of several months.
Alarmingly, it was discovered that customers’ sensitive information was stored unencrypted in plain text, making it even easier for hackers to exploit the data for their own use.
In addition to the payout, Equifax has agreed to add the following procedures to their corporate processes:
- Carry out an annual audit of security risks
- Submit to an external assessment of its security system every 2 years
- Ensure that third parties with access to customers’ personal data also have adequate data protection measures in place.
It’s easy for a small business owner to read about a large-scale data breach and think, “We’re too small to be a target, no one will try to hack my business.” Sadly, the reality is that small businesses get hacked more frequently than large corporations. Hackers recognize that small businesses are laxer with their cyber security protocols and are less likely to have a knowledgeable IT engineer protecting their systems. This makes them prime targets for hackers, who would rather go after companies that are easy to breach and more likely to pay a ransom.
The results of a data breach can easily shutter a small business. As with Equifax, data breaches are expensive events that require companies to pay out fines, cover losses, and pay for cyber security coverage that, had they acquired it from the beginning, would have saved them money in the end. This doesn’t even cover the loss of reputation that can stagnate growth for years, well after the event is over.
So, what is a small business to do? Schedule a free consultation with an IT Managed Service Provider that offers cyber security! An experienced IT support specialist will identify vulnerabilities within your computer network and recommend solutions that will protect you, your clients and your business. It costs nothing and could save you everything, so why would you wait? Call us at 914-934-9775 or email us at firstname.lastname@example.org to schedule a FREE consultation today.