After the FTC created a settlement with Equifax over the breach in 2017 of the data of close to 150 million people that turned out to be mostly smoke and mirrors, some of the lawsuits are now moving forward showing how bad things were at Equifax.
- Equifax used a default userid of admin and password of admin to protect some of your data.
- Equifax failed to use multifactor authentication.
- They failed to adequately monitor its networks and systems.
- Because of the ineffective logging, hackers were able to roam around in the Equifax network undetected for 75 days.
After first promising $125 to all affected users, they decided that since the FTC had allowed them to limit the cash payouts in the supposedly $700 million settlement to only $31 million, they figured out that was only enough money to pay 25,000 out of the 150 million people affected. Now they are saying well, you can get credit monitoring (which you are already getting from any of the other breaches that you have been affected by, so it is really giving you something that is worthless) instead of cash.
Maybe the class action will actually extract some cash out of them – to be seen.
In the meantime, companies need to make sure that they are taking cyber hygiene seriously because even if this payout is a joke (mostly because of the way the law is written in terms of what the FTC is allowed to do), Equifax has racked up over a billion dollars in costs resulting from this attack. Source: SC Magazine.