Equifax may even pay $275 million in civil penalties and different compensation to 48 states, Washington, Puerto Rico and the Shopper Monetary Safety Bureau.
The FTC alleges Equifax violated the company’s prohibition towards unfair and misleading practices. The FTC mentioned Equifax didn’t correctly safeguard peoples’ private data regardless of claiming in its privateness coverage that it applied “cheap bodily, technical and procedural safeguards” to guard their knowledge.
“Corporations that revenue from private data have an additional accountability to guard and safe that knowledge,” mentioned FTC Chairman Joe Simons in a press release. “Equifax didn’t take primary steps which will have prevented the breach.”
The hack, the most important in US historical past, uncovered delicate data, together with names, Social Safety numbers, drivers’ license numbers and addresses.
Equifax didn’t reply to CNN Enterprise’ request for remark.
Hackers leveraged a safety flaw in a instrument designed to construct internet purposes to steal buyer knowledge. Equifax admitted it was conscious of the safety flaw a full two months earlier than the corporate says hackers first accessed its knowledge.
The information breach prompted the resignation of CEO Richard Smith and investigations by federal regulators, a number of states attorneys common and the corporate faces various civil lawsuits.