Equifax, one of the three major credit bureaus in the United States, is reportedly set to pay nearly $700 million USD in fines related to the 2017 data breach that exposed the social security information of 145 million Americans. The 2017 breach was revealed in September of that year, and since then the Federal Trade Commission (FTC) and state governments have been working to determine a penalty for the data exposure that derailed the lives of so many. Neither the FTC nor the credit bureau have officially announced what the exact fine will be for the data breach, but the government is expected to make an announcement on Monday with their final decision.
The 2017 Data Breach
Experts say that the 2017 Equifax data breach was one of the most severe accounts of data exposure in history. Social Security and drivers license information for as many as 145 million Americans was exposed during the months of May-July 2017. Equifax said in its original statement when it announced the breach in September that it became aware of it on July 29, 2017. But by that time hackers were able to steal the information of millions of Americans. Hackers gained access to Equifax’s information system through an insecurity in the internal servers that went unnoticed for quite some time.
In the wake of the exposure, Equifax gave the option for millions of Americans to put a “freeze” on their credit information to keep it from being used by fraudulent activity. Experts are unaware what the data was used for, as they haven’t seen much—if anything—come out of the data breach in different areas of the web where illicit information is usually sold or traded. The company also revealed later on that the hackers stole credit card numbers as well—up to 200,000 from various consumers over the course of that three-month period.
After the initial announcement was made about the data breach, Equifax revealed that the insecurity in its system that allowed the hackers to have access to all of the information was found back in March of that year. However, Equifax failed to patch the security hole that, ultimately, led to one of the most severe data breaches in technological history. Now, two years later, the company is settling fines and seeing legal repercussions for its neglect.
Fines, Court, and Jail Time
Before the total amount of the fine is announced, the United States Department of Justice announced in June that one of the Equifax employees involved in the data breach has been sentenced to four months in prison for insider trading. The company’s Chief Information Officer, Jun Ying, is accused of selling his stocks in the company after he became aware of the data breach, but before it was announced. After Ying found out about the breach in August of 2017 he texted a coworker to get his opinion on the subject before researching how a 2015 Equifax breach impacted stock prices.
Upon seeing that a smaller 2015 breach created a negative impact in the Equifax stock value, Ying proceeded to sell off a portion of his stocks for a profit. Once the company announced the breach the following month, stocks within the company fell when consumer trust was lost. Ying is reported to have profited as much as $480,000 from selling his stocks for nearly $1 million, where he would have lost as much as $117,000 had he kept them throughout the fallout over the data breach.
Members of both the FBI and the Department of Justice in Atlanta pointed out that consumer trust in the stock market depends on the trust that executives within those companies are held to a high standard of lawful and honest practice. If insiders within individual companies start trading unfairly, using insider information, they must be held accountable or the overall value in the market will decrease.