A global settlement was announced today in a proposal filed by the Consumer Financial Protection Bureau, Federal Trade Commission, and 48 states, the District of Columbia and Puerto Rico. Equifax has agreed to pay $175 million to the states, $100 million to the CFPB in civil penalties, and $425 million to cover the “time and money spent [by the consumers affected by the breach] to protect themselves from potential threats of identity theft or addressing incidents of identity theft as a result of the breach,” said CFPB Director Kathy Kraninger in a press conference.
“The incident at Equifax underscores the cybersecurity threats confronting private and government computer systems, and actions they must take to shield personal information,” Kraninger added. “Too much is at stake for the financial security of the American people to make these protections anything less than a top priority.”
Taking more than a year to patch up [security] vulnerabilities that were exploited by cyber attackers is “unacceptable,” Chief Information Security Officer at Hyundai Capital America Eddie Younker said at Auto Finance Accelerate earlier this year. “Almost 100% of exploited vulnerabilities by attackers were compromised more than a year after the controls for the vulnerability were made publicly available. Equifax is a good example.”
The Equifax settlement nudged the FTC to renew a call to Congress to allow the regulator to seek civil penalties against financial institutions for first-time offenses, agency Chairman Joe Simons said during the press conference. “It doesn’t pay to undermine cybersecurity,” he said.
On top of that, Rep. Patrick McHenry (R-N.C.), the ranking member of the House Financial Services Committee, has proposed reforms to the credit reporting industry that has “failed to protect consumers,” he said in a press release. McHenry’s bill grants the CFPB authority to oversee the cybersecurity efforts of Equifax, TransUnion and Experian. The bill also prevents reporting agencies from using Social Security Numbers to verify consumers.
Auto financiers have grappled with the effects of the Equifax breach since September 2017 — and how best to move forward. Lenders are going to have to rely more on alternative forms of credit and identity analysis, Frank McKenna, chief fraud strategist at PointPredictive, previously told AFN. Social Security Numbers were once great identifiers, but nearly half the population’s numbers have been compromised.