$7 per person: how much Equifax pays for leaking personal data

Even several years later, the situation around the data leak at the US credit bureau has not been resolved. Let's discuss how it is developing and which other major leaks have occurred in the meantime.





Photo - Hermes Rivera - Unsplash



Situation at a glance



In 2017, the credit bureau Equifax reported a large-scale cyberattack in which the personal data of nearly 150 million Americans was stolen. At the time, Ars Technica called the situation “the worst leak of all time,” because it affected social security numbers, credit cards and driver's licenses. The cause was a vulnerability in the open source Apache Struts framework (CVE-2017-5638) related to an error in handling exceptions when uploading files. Equifax specialists had not had time to install the patch released two months before the cyberattack.



Several regulators were involved in the investigation: the US Federal Trade Commission (FTC), the Consumer Financial Protection Bureau and prosecutors in most states. As a result, the credit bureau agreed to pay $700 million in compensation - this amount includes fines and payments to US citizens whose data leaked online. However, the size of these payments has raised questions.



Why are the payouts so small



The Equifax situation received widespread media coverage, and the bureau was criticized by the community. Despite this, US citizens are in no hurry to claim their compensation - so far, about 10% of victims have applied. They were offered two payment options: compensation for credit monitoring costs in the amount of $125 or cash.



. Equifax , . , , $31 . , , $6,8.


It is not yet clear how the situation will develop further, but the FTC has stepped in to help resolve it - the commission published an open letter urging citizens to give up the cash option and choose compensation for the costs of credit monitoring instead.





Photo - Barthelemy de Mazenod - Unsplash



At the beginning of the year, an American court finished considering another case related to a leak at a credit bureau. Equifax will additionally pay up to $20 thousand to all clients who suffered financial losses due to the leak of personal data. The court also ordered the bureau to direct $1 billion to developing its IT infrastructure and improving the protection of personal data, although the organization notes that between 2018 and 2020 it has already allocated a billion dollars to strengthening information security.



Who else paid and will pay for leaks



Over the past few years, Equifax's data leak has been one of the largest, but not the only one. For example, in October 2019, Yahoo agreed to spend $117.5 million on payments to users affected by the 2013 personal data leak. According to preliminary estimates, each of them will receive approximately $358, although experts expect that in practice this amount will be significantly less (as in the case of Equifax).



In the near future, Facebook will also have to make a large payment. In the fall, more than 400 million phone numbers of the social network's users ended up on the Internet, because the database containing them was stored on an unprotected server. The Irish regulator was one of the first to take an interest in this issue, and under the GDPR it can impose a fine of $2.2 billion. But it is too early to say what part of this amount will go directly to payments to affected users.



Given the regular hacks and leaks, you need to stay on your guard: take measures to protect your personal data and study materials on the topic yourself - that's why we have prepared a small digest (at the end of the post).



More materials in our corporate blog:



Potential attacks on HTTPS and how to protect against them

How to “cover up” and remove yourself from most popular services

How to protect a virtual server on the Internet

Benchmarks for Linux servers







