Equifax to pay up to $700m in a 'global settlement' following 2017 data breach


By Alexandra Leonidou

Equifax's security failures leading to this breach were serious.  Equifax failed to respond to a known vulnerability for over 3 months (whereas the information security team required patches to be applied within 48 hours).  The technical and security-focused postmortems will continue and there is of course a lot for Boards and security teams to learn.

However, there are a couple (at least!) of other equally salutary lessons here for businesses with strategically valuable datasets.  

For example, the FTC has commented that "companies that profit from personal information have an extra responsibility to protect and secure that data" (my emphasis).  There's a reasonable argument that almost all modern businesses "profit from personal information" to some extent, but nonetheless this is a clear signal that many businesses will need to 'raise the bar' in terms of their approach to and investment in data security.

Secondly, the Director of the Consumer Financial Protection Bureau has also been quoted as saying that Equifax engaged in "unfair and deceptive practices" and "broke the law before and after the breach".  We frequently have this very same conversation with clients: what you do after a breach counts.  It is unfortunately all too easy to generate more risk (for the affected data subjects and the business) through inappropriate or ill-informed conduct in the hours, days, weeks and months following a data breach.  

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said the FTC chairman, Joe Simons.
featured image

As a free user, you can follow Passle and like posts.

To repost this post to your own Passle blog, you will need to upgrade your account.

For plans and pricing, please contact our sales team at

Sorry, you don't have permission to repost or create posts.

Repost successful!

View the repost

Repost successful!

Your repost is currently a draft. Review your repost and request approval.

Something went wrong whilst reposting - please try again.

Sorry - this is not an option. This post already exists in the Passle you have selected.

Try reposting to another Passle.