Federal regulators announced the largest-ever settlement for a data breach Monday. Equifax will pay up to $700 million for its 2017 data breach, in which the company lost control of private data of almost 150 million Americans.
Lots of people will get a slice of that settlement: $175 million dollars will go to various states; the Consumer Financial Protection Bureau gets $100 million in penalties; and $425 million is set aside for consumers who can prove harm. Here’s the link to Equifax’s website where victims of the 2017 breach can file a claim.
Settlement aside, however, very little has changed for consumers since the 2017 breach. There are no new laws or regulations that comprehensively govern the sometimes-murky credit consumer financial data industry, or that give consumers greater control over their financial data.
“Congress is trying to learn more about it [the credit reporting industry] themselves. I don’t think they realized how a big and massive breach could happen,” said Allen Spence with the identity protection firm ID Shield.
Consumers are still vulnerable to malicious hackers who target credit bureaus, said Gregory Touhill, who teaches at Carnegie Mellon University. Touhill is president of Cyxtera Federal Group, a cyber security firm.
“It’s just as bad as it was before,” Touhill said.
There has been at least one change since the 2017 Equifax breach. In 2018, Congress passed a law to let consumers freeze their credit file with credit bureaus for free. Here’s a link to information on how to freeze your credit report.