Today, the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC) and a large group of state attorneys general announced that they reached a global settlement with Equifax over its 2017 data breach. Among other relief, the $700 million settlement includes $450 million in monetary relief to consumers and $100 million in civil penalties.

The Equifax data breach, which spanned from May to July of 2017, compromised the sensitive data of 147 million consumers. The CFPB’s complaint against Equifax alleged that the credit reporting agency engaged in unfair and deceptive practices, including not having reasonable security measures for mass quantities of sensitive data and the company’s privacy policy deceiving consumers about the strength of its data security programs.

The monetary relief portion of the settlement aims to reimburse consumers for lost time related to credit monitoring, protecting their personal information, and costs related to identity theft of affected consumers. Affected consumers will also receive at least 10 years of free credit monitoring and 7 years of identity-restoration services. Additionally, for 7 years, all U.S. consumers may request up to 6 free copies of their Equifax credit report per year in addition to any free credit reports they are already entitled to.


insideARM Perspective

The Equifax data breach was undoubtedly one of the larger data security events to hit the financial services industry. While not nearly at the same scale as the Equifax breach, the AMCA breach is one of the larger breaches to be reported in the ARM industry. While it might seem that these two events are worlds apart, the two breaches occurred roughly a year apart—mid-2017 for Equifax, late 2018 and early 2019 for AMCA. Data security has always been an important factor in the ARM and financial services industries, and these two data breaches only accentuate how vital it is to be on top of data security measures.

Next Article: Commercial Collections Strategy with Tactical Intent